CN113987421A - Software authorization method, system and storage medium - Google Patents

Publication number
CN113987421A
Authority
CN
China
Prior art keywords
authorization
software
information
authentication module
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111283781.6A
Other languages
Chinese (zh)
Inventor
丘子霖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Chaoge Digital Technology Co ltd
Original Assignee
Beijing Chaoge Digital Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Chaoge Digital Technology Co ltd
Priority to CN202111283781.6A
Publication of CN113987421A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/105 Arrangements for software license management or administration, e.g. for managing licenses at corporate level
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the invention disclose a software authorization method, system and storage medium. The method comprises the following steps: the software authorizer generates an authorization file from the received device information and the corresponding authorization information; the software authorizer returns the authorization file and the software version to the device manufacturer; the device manufacturer integrates the software version and places the authorization file as required; and after the device starts running, the software loads the authentication module and performs authorization verification; if the verification passes, the software runs normally, otherwise the software stops running. The authorization file can be preset, so the user does not need to enter an activation code manually, which makes the method better suited to devices without key input or an interface; offline authorization simplifies the authorization server stage and reduces server development and maintenance costs; authorization can be granted in batches by device model, manufacturer, software version and the like, or individually by the chip ID, network card address and the like of a single device; and multiple signature checks and multiple encryption algorithms are used in authorization and authentication, so the scheme is not easy to break.

Description

Software authorization method, system and storage medium
Technical Field
The embodiment of the invention relates to the technical field of software authorization, in particular to a software authorization method, a software authorization system and a storage medium.
Background
With the development of technology, investment in software research and development keeps increasing. However, software is often used without authorization after release, which causes losses to software developers, so strengthening control over software usage rights is particularly important. Traditional software authorization approaches include software activation codes, network registration, dongles and the like. The activation-code approach can only authorize a single device; it requires the user to enter an activation code (serial number) manually, which makes it unsuitable for devices without key input or an interface, and the activation code is easily leaked, so security is poor. Network registration gives a fairly good authorization result, but it supports only online authorization, not offline authorization, and the development and ongoing maintenance of the authorization server are costly. The dongle approach is better than the activation-code approach, but it requires hardware support and is unfriendly to most embedded devices.
These problems urgently need to be solved.
Disclosure of Invention
To solve the problems in the related art described above, the present invention provides a software authorization method, system and storage medium.
To achieve the above purpose, the embodiments of the invention adopt the following technical solutions:
In a first aspect, an embodiment of the present invention provides a software authorization method, including the following steps:
S101, the software authorizer receives device information collected by the device manufacturer;
S102, the software authorizer generates an authorization file from the received device information and the corresponding authorization information;
S103, the software authorizer returns the authorization file and the software version to the device manufacturer;
S104, the device manufacturer integrates the software version and places the authorization file as required;
S105, after the device starts running, the software loads the authentication module and performs authorization verification; if the verification passes, the software runs normally, otherwise the software stops running.
Further, step S102 specifically includes:
S1021, importing or entering the authorization application information and initializing an authorization file;
S1022, parsing the application information, which includes but is not limited to device information and authorization information, filling the device information into DEVICE INFO, and filling the authorization information into LICENCE INFO;
S1023, generating an RSA key pair;
S1024, computing SHA256 over DEVICE INFO and LICENCE INFO, signing the SHA256 value with the RSA private key, and filling the result into LICENCE HASH;
S1025, modifying the RSA public key, applying obfuscation encryption, and filling the result into LICENCE KEY;
S1026, filling the description into README;
S1027, outputting the authorization file.
Further, in step S105, the software loading the authentication module and performing authorization verification includes:
S1051, verifying the validity of the authentication module;
S1052, verifying the validity of the authorization file.
Further, verifying the validity of the authentication module in step S1051 specifically includes:
S10511, starting the software;
S10512, entering the authorization check flow;
S10513, generating a random code;
S10514, calling the authentication module initialization interface, that is, passing the authentication module version number corresponding to the current software and the generated random code to the authentication module;
S10515, the authentication module checks the version number passed by the software, and extracts and restores the RSA private key of the corresponding version;
S10516, the authentication module signs the random code with the RSA private key;
S10517, the authentication module returns the signature result to the software;
S10518, the software verifies the signature result returned by the authentication module with a preset RSA public key; if the verification passes, the flow proceeds to verifying the validity of the authorization file, otherwise the authentication module is considered illegitimate and an error is returned.
Further, verifying the validity of the authorization file in step S1052 specifically includes:
S10521, the authentication module performs a validity check on the authorization file and parses the authorization file;
S10522, the authentication module returns the result of parsing the authorization file to the software;
S10523, the software performs information retrieval and a validity check on the information in the parsing result, and returns the final check result to the software;
S10524, the software determines whether to continue running according to the authentication result.
Further, the device information collected by the device manufacturer in step S101 includes, but is not limited to, a device model, manufacturer information, and a network card physical address.
Further, the authorization information in step S102 includes, but is not limited to, an authorization manner selected according to an authorization protocol, and an authorization validity period; the authorization mode selected according to the authorization protocol includes, but is not limited to, performing batch authorization according to the device model, or performing single authorization according to the network card physical address.
In a second aspect, an embodiment of the present invention further provides a software authorization system, including:
a device information acquisition unit, by which the software authorizer receives the device information collected by the device manufacturer;
an authorization file generating unit, by which the software authorizer generates an authorization file from the received device information and the corresponding authorization information;
an authorization file sending unit, by which the software authorizer returns the authorization file and the software version to the device manufacturer;
an authorization file integration unit, by which the device manufacturer integrates the software version and places the authorization file as required;
an authorization verification unit, by which, after the device starts running, the software loads the authentication module and performs authorization verification, running normally if the verification passes and stopping otherwise.
Further, the authorization verification unit includes:
an authentication module checking unit, used for checking whether the authentication module is legitimate;
an authorization file checking unit, used for checking whether the authorization file is legitimate.
In a third aspect, the embodiment of the present invention further provides a storage medium, on which a computer program is stored, where the program, when executed by a processor, implements the above software authorization method.
Compared with the prior art, the technical solutions of the embodiments of the invention have the following advantages. First, the authorization file can be preset, after which the user does not need to enter an activation code manually; this makes the method better suited to devices without key input or an interface, and it also simplifies the activation-code entry flow, improves the user experience and reduces the user's cost of use. Second, authorization is performed offline; compared with online authorization, this simplifies the authorization server stage and reduces server development and maintenance costs, so the cost is low. Third, the authorization modes and usage scenarios are flexible: authorization can be granted in batches by device model, manufacturer, software version and the like, or individually by the chip ID, network card address and the like of a single device. Fourth, multiple signature checks (authorization file validity check and authentication module validity check) and multiple encryption algorithms (RSA, SHA and obfuscation encryption) are used in authorization and authentication, so the scheme is not easy to break and security is high. The technical solutions of the embodiments of the invention innovate on the authorization mode of software, in particular embedded terminal software, raise the cost of cracking the software, ensure software security, reduce dependence on servers and hardware, save research and development costs, and are suitable for wide application.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the background and the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from the contents of the embodiments and these drawings without creative effort.
FIG. 1 is a flowchart illustrating a software authorization method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating an authorization file generation flow in a software authorization method according to a second embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating an authorization file verification process in the software authorization method according to the third embodiment of the present invention;
FIG. 4 is a block diagram of a software authorization system according to a fourth embodiment of the present invention;
FIG. 5 is a block diagram of a software authorization system according to a fifth embodiment of the present invention.
Detailed Description
In order to make the technical problems solved, technical solutions adopted and technical effects achieved by the present invention clearer, the technical solutions of the embodiments of the present invention will be described in further detail below with reference to the accompanying drawings, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
FIG. 1 is a schematic flow chart of a software authorization method according to an embodiment of the present invention.
The software authorization method in this embodiment comprises the following steps:
S101, the software authorizer receives device information collected by the device manufacturer;
S102, the software authorizer generates an authorization file from the received device information and the corresponding authorization information;
S103, the software authorizer returns the authorization file and the software version to the device manufacturer;
S104, the device manufacturer integrates the software version and places the authorization file as required;
S105, after the device starts running, the software loads the authentication module and performs authorization verification; if the verification passes, the software runs normally, otherwise the software stops running. It should be noted that in this embodiment the preferred setting is for the software to load the authentication module automatically after the device starts running, but the setting is not limited to this; the user may also load the authentication module manually for authorization verification.
Illustratively, in this embodiment, before step S101 the method further includes: the device manufacturer collects the device information. The device information includes, but is not limited to, the device model, manufacturer information, network card physical address and the like; the information may be read through an Application Programming Interface (API), and the value read must be consistent with the value displayed on the device interface.
For example, in this embodiment, the device manufacturer fills the device information into the application document template and submits it to the software authorizer. Illustratively, in this embodiment, the authorization information includes, but is not limited to, the authorization mode selected by the software authorizer according to the authorization protocol, and the authorization validity period; the authorization mode selected according to the authorization protocol includes, but is not limited to, batch authorization by device model or single authorization by network card physical address. Finally, the software authorizer selects an authorization mode according to the authorization protocol, such as batch authorization by device model or single authorization by network card physical address, and generates one or more authorization files in combination with the authorization validity period.
In the technical solution of this embodiment, the authorization file can be preset, after which the user does not need to enter an activation code manually; this makes the method better suited to devices without key input or an interface, and it also simplifies the activation-code entry process, improves the user experience and reduces the user's cost of use. The solution uses offline authorization; compared with online authorization, this simplifies the authorization server stage and reduces server development and maintenance costs, so the cost is low. The authorization modes and usage scenarios are flexible: authorization can be granted in batches by device model, manufacturer, software version and the like, or individually by the chip ID, network card address and the like of a single device. The technical solution of this embodiment innovates on the authorization mode of software, in particular embedded terminal software, raises the cost of cracking the software, ensures software security, reduces dependence on servers and hardware, saves research and development costs, and is suitable for wide application.
Example two
The software authorization method in this embodiment comprises the following steps:
S201, the software authorizer receives device information collected by the device manufacturer;
S202, the software authorizer generates an authorization file from the received device information and the corresponding authorization information;
S203, the software authorizer returns the authorization file and the software version to the device manufacturer;
S204, the device manufacturer integrates the software version and places the authorization file as required;
S205, after the device starts running, the software loads the authentication module and performs authorization verification; if the verification passes, the software runs normally, otherwise the software stops running. It should be noted that in this embodiment the preferred setting is for the software to load the authentication module automatically after the device starts running, but the setting is not limited to this; the user may also load the authentication module manually for authorization verification.
Illustratively, in this embodiment, before step S201 the method further includes: the device manufacturer collects the device information. The device information includes, but is not limited to, the device model, manufacturer information, network card physical address and the like; the information may be read through an Application Programming Interface (API), and the value read must be consistent with the value displayed on the device interface.
For example, in this embodiment, the device manufacturer fills the device information into the application document template and submits it to the software authorizer. Illustratively, in this embodiment, the authorization information includes, but is not limited to, the authorization mode selected by the software authorizer according to the authorization protocol, and the authorization validity period; the authorization mode selected according to the authorization protocol includes, but is not limited to, batch authorization by device model or single authorization by network card physical address. Finally, the software authorizer selects an authorization mode according to the authorization protocol, such as batch authorization by device model or single authorization by network card physical address, and generates one or more authorization files in combination with the authorization validity period.
For example, in this embodiment, as shown in FIG. 2, step S202 specifically includes:
S2021, importing or entering the authorization application information and initializing an authorization file;
S2022, parsing the application information, which includes but is not limited to device information and authorization information, filling the device information into DEVICE INFO, and filling the authorization information into LICENCE INFO;
S2023, generating an RSA (1024-bit, PKCS #8) key pair;
S2024, computing SHA256 over DEVICE INFO and LICENCE INFO, signing the SHA256 value with the RSA private key, and filling the result into LICENCE HASH;
S2025, modifying the RSA public key, applying obfuscation encryption, and filling the result into LICENCE KEY; in this embodiment, modifying the RSA public key specifically means modifying the public key according to an agreed rule, that is, replacing, modifying or obfuscating certain characters in the public key, with the modification process protected by the fact that the programming language is difficult to decompile;
S2026, filling the description into README;
S2027, outputting the authorization file.
In the technical solution of this embodiment, multiple encryption algorithms such as RSA, SHA and obfuscation encryption are used in generating the authorization file, so the authorization file is not easy to crack and security is high. The authorization file can be preset, after which the user does not need to enter an activation code manually; this makes the method better suited to devices without key input or an interface, and it also simplifies the activation-code entry process, improves the user experience and reduces the user's cost of use. The solution uses offline authorization; compared with online authorization, this simplifies the authorization server stage and reduces server development and maintenance costs, so the cost is low. The authorization modes and usage scenarios are flexible: authorization can be granted in batches by device model, manufacturer, software version and the like, or individually by the chip ID, network card address and the like of a single device. The technical solution of this embodiment innovates on the authorization mode of software, in particular embedded terminal software, raises the cost of cracking the software, ensures software security, reduces dependence on servers and hardware, saves research and development costs, and is suitable for wide application.
Example three
The software authorization method in this embodiment comprises the following steps:
S301, the software authorizer receives device information collected by the device manufacturer;
S302, the software authorizer generates an authorization file from the received device information and the corresponding authorization information;
S303, the software authorizer returns the authorization file and the software version to the device manufacturer;
S304, the device manufacturer integrates the software version and places the authorization file as required;
S305, after the device starts running, the software loads the authentication module and performs authorization verification; if the verification passes, the software runs normally, otherwise the software stops running. It should be noted that in this embodiment the preferred setting is for the software to load the authentication module automatically after the device starts running, but the setting is not limited to this; the user may also load the authentication module manually for authorization verification.
Illustratively, in this embodiment, before step S301 the method further includes: the device manufacturer collects the device information. The device information includes, but is not limited to, the device model, manufacturer information, network card physical address and the like; the information may be read through an Application Programming Interface (API), and the value read must be consistent with the value displayed on the device interface.
For example, in this embodiment, the device manufacturer fills the device information into the application document template and submits it to the software authorizer. Illustratively, in this embodiment, the authorization information includes, but is not limited to, the authorization mode selected by the software authorizer according to the authorization protocol, and the authorization validity period; the authorization mode selected according to the authorization protocol includes, but is not limited to, batch authorization by device model or single authorization by network card physical address. Finally, the software authorizer selects an authorization mode according to the authorization protocol, such as batch authorization by device model or single authorization by network card physical address, and generates one or more authorization files in combination with the authorization validity period.
For example, in this embodiment, as shown in FIG. 2, step S302 specifically includes:
S3021, importing or entering the authorization application information and initializing an authorization file;
S3022, parsing the application information, which includes but is not limited to device information and authorization information, filling the device information into DEVICE INFO, and filling the authorization information into LICENCE INFO;
S3023, generating an RSA key pair;
S3024, computing SHA256 over DEVICE INFO and LICENCE INFO, signing the SHA256 value with the RSA private key, and filling the result into LICENCE HASH;
S3025, modifying the RSA public key, applying obfuscation encryption, and filling the result into LICENCE KEY; in this embodiment, modifying the RSA public key specifically means modifying the public key according to an agreed rule, that is, replacing, modifying or obfuscating certain characters in the public key, with the modification process protected by the fact that the programming language is difficult to decompile;
S3026, filling the description into README;
S3027, outputting the authorization file.
Illustratively, in this embodiment, the software loading the authentication module and performing authorization verification in step S305 includes: S1051, verifying the validity of the authentication module; and S1052, verifying the validity of the authorization file. Illustratively, as shown in FIG. 3, verifying the validity of the authentication module in step S3051 specifically includes:
S30511, starting the software;
S30512, entering the authorization check flow;
S30513, generating a random code;
S30514, calling the authentication module initialization interface, that is, passing the authentication module version number corresponding to the current software and the generated random code to the authentication module;
S30515, the authentication module checks the version number passed by the software, and extracts and restores the RSA private key of the corresponding version;
S30516, the authentication module signs the random code with the RSA private key;
S30517, the authentication module returns the signature result to the software;
S30518, the software verifies the signature result returned by the authentication module with a preset RSA public key; if the verification passes, the flow proceeds to verifying the validity of the authorization file, otherwise the authentication module is considered illegitimate and an error is returned.
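The challenge-response in steps S30511 to S30518, as an added Go example that is not code from the patent: the software issues a fresh random code, the authentication module signs it, and the software verifies the result with its preset public key. The type and function names, the PKCS #1 v1.5 over SHA-256 signature scheme and the 2048-bit key size are assumptions; the page specifies none of them for this step.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AuthModule stands in for the authentication module. It holds one RSA
// private key per module version (hypothetical layout for S30515).
type AuthModule struct {
	keys map[string]*rsa.PrivateKey
}

// NewModule builds a module with a freshly generated key for one version and
// returns the matching public key, which the software would ship as "preset".
func NewModule(version string) (*AuthModule, *rsa.PublicKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return &AuthModule{keys: map[string]*rsa.PrivateKey{version: key}}, &key.PublicKey, nil
}

// Init models the initialization interface (S30514 to S30517): look up the
// key for the requested version, sign the random code, return the signature.
func (m *AuthModule) Init(version string, code []byte) ([]byte, error) {
	key, ok := m.keys[version]
	if !ok {
		return nil, errors.New("no key for authentication module version " + version)
	}
	digest := sha256.Sum256(code)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// NewCode generates the random code (S30513) from the OS CSPRNG. A fresh
// code per check is what makes a previously recorded signature useless.
func NewCode() ([]byte, error) {
	code := make([]byte, 32)
	_, err := rand.Read(code)
	return code, err
}

// VerifyResponse is S30518: check the module's signature over the code that
// the software itself generated, using the preset public key.
func VerifyResponse(preset *rsa.PublicKey, code, sig []byte) error {
	digest := sha256.Sum256(code)
	return rsa.VerifyPKCS1v15(preset, crypto.SHA256, digest[:], sig)
}

// CheckModule runs the whole exchange from the software's side.
func CheckModule(m *AuthModule, version string, preset *rsa.PublicKey) error {
	code, err := NewCode()
	if err != nil {
		return err
	}
	sig, err := m.Init(version, code)
	if err != nil {
		return err
	}
	return VerifyResponse(preset, code, sig)
}

func main() {
	genuine, preset, err := NewModule("1.0")
	if err != nil {
		panic(err)
	}
	other, _, err := NewModule("1.0") // same interface, different key
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine module:", CheckModule(genuine, "1.0", preset))
	fmt.Println("module with another key:", CheckModule(other, "1.0", preset))
	fmt.Println("unknown version:", CheckModule(genuine, "9.9", preset))

	// A signature over an earlier code does not verify against a new one.
	old, _ := NewCode()
	sig, _ := genuine.Init("1.0", old)
	fresh, _ := NewCode()
	fmt.Println("recorded signature, new code:", VerifyResponse(preset, fresh, sig))
}
```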
Illustratively, in this embodiment, verifying the validity of the authorization file in step S3052 specifically includes:
S30521, the authentication module performs a validity check on the authorization file and parses the authorization file; specifically, a hash is computed over the authorization-related content, the hash result is verified with the RSA key to determine whether the authorization-related content has been tampered with, and the authorization file is parsed after the validity check passes;
S30522, the authentication module returns the result of parsing the authorization file to the software;
Illustratively, in this embodiment, the authentication module returning the result of parsing the authorization file to the software specifically includes: the authentication module returns the parsing result to the software in an agreed format, which includes assembling content such as the device information, module name and validity period in JSON or XML format and returning the assembled content to the software;
S30523, the software performs information retrieval and a validity check on the information in the parsing result, and returns the final check result to the software;
Illustratively, the information in the parsing result in this embodiment includes, but is not limited to, an authorization status code, an authorization date, and the like.
S30524, the software determines whether to continue running according to the authentication result.
In the technical scheme of the embodiment of the invention, various encryption algorithms such as RSA, SHA, confusion encryption and the like are adopted in the generation process of the authorization file; multiple signature verification is used in the verification process of the legality of the authorization file and the legality of the authentication module, so that the authorization file is not easy to crack and has high safety. According to the technical scheme of the embodiment of the invention, the authorization file can be preset, and the activation code does not need to be manually input by a user after the authorization file is preset, so that the method is more suitable for equipment without key input or interfaces on one hand, and on the other hand, the activation code input process is simplified, the user experience is improved, and the use cost of the user is reduced; the technical scheme of the embodiment of the invention adopts an off-line authorization mode, compared with on-line authorization, the link of the authorization server is simplified, the development and maintenance cost of the server is reduced, and the cost is low; the technical scheme of the embodiment of the invention has flexible authorization mode and use scene; the method can be used for batch authorization of equipment models, manufacturers, software versions and the like, and can also be used for individual authorization of chip IDs, network card addresses and the like of single equipment. The technical scheme of the embodiment of the invention realizes the innovation of software, particularly the authorization mode of embedded terminal software, improves the software cracking cost, ensures the software security, reduces the dependence on a server and hardware, saves the research and development cost, and is suitable for popularization and application.
Example four
As shown in fig. 4, fig. 4 is a block diagram of a software authorization system 400 according to a fourth embodiment of the present invention.
The software authorization system 400 in this embodiment includes:
a device information acquisition unit 401, used by the software authorizer to receive the device information collected by the device manufacturer;
an authorization file generating unit 402, used by the software authorizer to generate an authorization file according to the received device information and the corresponding authorization information;
an authorization file sending unit 403, used by the software authorizer to return the authorization file and the software version to the device manufacturer;
an authorization file integration unit 404, used by the device manufacturer to integrate the software version and place the authorization file as required;
an authorization verification unit 405, used, after the device starts running, for the software to load the authentication module and perform authorization verification; if the verification passes, the device runs normally, otherwise the device stops running. It should be noted that, in this embodiment, the preferred configuration is for the software to load the authentication module automatically after the device starts running, but this is not the only option: the authentication module may also be loaded manually by the user for authorization verification.
For example, in this embodiment, the device information includes, but is not limited to, the device model, vendor information and network card physical address; this type of information must be read through a standard API (Application Programming Interface), and the value read must be consistent with the value displayed on the device's interface.
For example, in this embodiment, the device manufacturer fills the device information into the application document template and submits it to the software authorizer. Illustratively, in this embodiment, the authorization information includes, but is not limited to, the authorization mode selected by the software authorizer according to the authorization protocol, and the authorization validity period; the authorization mode selected according to the authorization protocol includes, but is not limited to, batch authorization by device model or single authorization by network card physical address. Finally, the software authorizer selects an authorization mode according to the authorization protocol, such as batch authorization by device model or single authorization by network card physical address, and generates one or more authorization files in combination with the authorization validity period.
For example, in this embodiment, the specific process of generating the authorization file according to the received device information and the corresponding authorization information is as shown in fig. 2:
S2021, importing/inputting the authorization application information and initializing the authorization file;
S2022, parsing the information in the application information, including but not limited to device information and authorization information, filling the device information into DEVICE INFO, and filling the authorization information into LICENCE INFO;
S2023, generating an RSA (1024-bit, PKCS #8) key pair;
S2024, performing a SHA256 calculation on DEVICE INFO and LICENCE INFO, then signing the SHA256 value with the RSA private key, and filling the result into LICENCE HASH;
S2025, modifying the RSA public key, performing obfuscation encryption, and filling the result into LICENCE KEY; modifying the RSA public key in this embodiment specifically includes: modifying the RSA public key according to an agreed rule, namely replacing, modifying or scrambling characters at certain positions in the public key, and protecting the modification process by relying on the property that the programming language is difficult to decompile;
S2026, filling the description content into README;
S2027, outputting the authorization file.
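Steps S2022 and S2024 and the validity check of the authorization file, as an added example in Go that is not the patent's own code: both sections are hashed with SHA256 and the hash is signed, and the verifier parses the content only after the signature checks out, then applies the validity period and the batch or single device binding. The JSON encoding, the length-prefixed hashing, the 2048-bit key (the text names 1024-bit), all names and the sample values are assumptions; the public-key obfuscation of S2025 is left out because its rule is not given.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Section names follow the text; the Go types and JSON encoding are assumed.
type (
	DeviceInfo  struct{ Model, Vendor, MAC string }
	LicenceInfo struct{ Mode, NotAfter string } // Mode: "batch" or "single"
	LicenceFile struct {
		DeviceInfo, LicenceInfo []byte // serialized sections
		LicenceHash             []byte // RSA signature over their SHA-256
	}
)

var (
	ErrTampered    = errors.New("licence signature invalid")
	ErrMalformed   = errors.New("licence content malformed")
	ErrExpired     = errors.New("licence expired")
	ErrWrongDevice = errors.New("licence not issued for this device")
)

// digestSections length-prefixes each section so bytes cannot shift across the boundary.
func digestSections(sections ...[]byte) []byte {
	h := sha256.New()
	for _, s := range sections {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(s)))
		h.Write(n[:])
		h.Write(s)
	}
	return h.Sum(nil)
}

func newIssuerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
func day(y, m, d int) time.Time { return time.Date(y, time.Month(m), d, 0, 0, 0, 0, time.UTC) }

// Issue is the authorizer side: serialize both sections, hash them, sign.
func Issue(priv *rsa.PrivateKey, dev DeviceInfo, lic LicenceInfo) (*LicenceFile, error) {
	d, _ := json.Marshal(dev) // cannot fail for string-only structs
	l, _ := json.Marshal(lic)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digestSections(d, l))
	return &LicenceFile{DeviceInfo: d, LicenceInfo: l, LicenceHash: sig}, err
}

// Verify checks the signature before parsing, then the validity period and binding.
func Verify(pub *rsa.PublicKey, f *LicenceFile, local DeviceInfo, now time.Time) error {
	digest := digestSections(f.DeviceInfo, f.LicenceInfo)
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest, f.LicenceHash) != nil {
		return ErrTampered
	}
	var dev DeviceInfo
	var lic LicenceInfo
	if json.Unmarshal(f.DeviceInfo, &dev) != nil || json.Unmarshal(f.LicenceInfo, &lic) != nil {
		return ErrMalformed
	}
	end, err := time.Parse("2006-01-02", lic.NotAfter)
	if err != nil {
		return ErrMalformed
	}
	if !now.Before(end.AddDate(0, 0, 1)) { // valid through the end of NotAfter (UTC)
		return ErrExpired
	}
	batch := lic.Mode == "batch" && dev.Model == local.Model && dev.Vendor == local.Vendor
	single := lic.Mode == "single" && dev.MAC != "" && strings.EqualFold(dev.MAC, local.MAC)
	if !batch && !single { // unknown modes fail closed
		return ErrWrongDevice
	}
	return nil
}

func main() {
	key, err := newIssuerKey()
	if err != nil {
		panic(err)
	}
	dev := DeviceInfo{Model: "STB-100", Vendor: "ExampleCo", MAC: "02:00:00:AA:BB:CC"} // constructed
	now := day(2026, 6, 1)
	f, _ := Issue(key, dev, LicenceInfo{Mode: "single", NotAfter: "2026-12-31"})
	fmt.Println("as issued:", Verify(&key.PublicKey, f, dev, now))
	f.LicenceInfo = []byte(`{"Mode":"single","NotAfter":"2099-12-31"}`)
	fmt.Println("validity period edited:", Verify(&key.PublicKey, f, dev, now))
}
```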
In the invention, the authorization file generating unit 402 uses multiple algorithms such as RSA, SHA and obfuscation encryption when generating the authorization file, so that the authorization file is not easy to crack and security is high. The authorization file can be preset, after which the user does not need to enter an activation code manually; on the one hand this suits devices that have no keys or input interface, and on the other hand it simplifies the activation-code entry process, improves the user experience and reduces the user's cost of use. The solution uses offline authorization, which, compared with online authorization, removes the authorization-server step, reduces server development and maintenance costs, and is inexpensive. The authorization modes and usage scenarios are flexible: the solution can be used for batch authorization by device model, manufacturer, software version and the like, and also for individual authorization by the chip ID, network card address and the like of a single device. The solution innovates the authorization of software, in particular embedded terminal software, raises the cost of cracking the software, ensures software security, reduces dependence on servers and hardware, saves research and development cost, and is suitable for popularization and application.
Example five
As shown in fig. 5, fig. 5 is a block diagram of a software authorization system 500 according to a fourth embodiment of the present invention.
The software authorization system 500 in this embodiment includes:
a device information acquisition unit 501, used by the software authorizer to receive the device information collected by the device manufacturer;
an authorization file generating unit 502, used by the software authorizer to generate an authorization file according to the received device information and the corresponding authorization information;
an authorization file sending unit 503, used by the software authorizer to return the authorization file and the software version to the device manufacturer;
an authorization file integration unit 504, used by the device manufacturer to integrate the software version and place the authorization file as required;
an authorization verification unit 505, used, after the device starts running, for the software to load the authentication module and perform authorization verification; if the verification passes, the device runs normally, otherwise the device stops running. It should be noted that, in this embodiment, the preferred configuration is for the software to load the authentication module automatically after the device starts running, but this is not the only option: the authentication module may also be loaded manually by the user for authorization verification.
For example, in this embodiment, the device information includes, but is not limited to, the device model, vendor information and network card physical address; this type of information must be read through a standard API (Application Programming Interface), and the value read must be consistent with the value displayed on the device's interface.
For example, in this embodiment, the device manufacturer fills the device information into the application document template and submits it to the software authorizer. Illustratively, in this embodiment, the authorization information includes, but is not limited to, the authorization mode selected by the software authorizer according to the authorization protocol, and the authorization validity period; the authorization mode selected according to the authorization protocol includes, but is not limited to, batch authorization by device model or single authorization by network card physical address. Finally, the software authorizer selects an authorization mode according to the authorization protocol, such as batch authorization by device model or single authorization by network card physical address, and generates one or more authorization files in combination with the authorization validity period.
For example, in this embodiment, the specific process of generating the authorization file according to the received device information and the corresponding authorization information is as shown in fig. 2:
S2021, importing/inputting the authorization application information and initializing the authorization file;
S2022, parsing the information in the application information, including but not limited to device information and authorization information, filling the device information into DEVICE INFO, and filling the authorization information into LICENCE INFO;
S2023, generating an RSA (1024-bit, PKCS #8) key pair;
S2024, performing a SHA256 calculation on DEVICE INFO and LICENCE INFO, then signing the SHA256 value with the RSA private key, and filling the result into LICENCE HASH;
S2025, modifying the RSA public key, performing obfuscation encryption, and filling the result into LICENCE KEY; modifying the RSA public key in this embodiment specifically includes: modifying the RSA public key according to an agreed rule, namely replacing, modifying or scrambling characters at certain positions in the public key, and protecting the modification process by relying on the property that the programming language is difficult to decompile;
S2026, filling the description content into README;
S2027, outputting the authorization file.
Illustratively, in this embodiment, the authorization verification unit 505 includes: an authentication module checking unit 5051, used for checking whether the authentication module is legitimate; and an authorization file checking unit 5052, used for checking whether the authorization file is legitimate.
Illustratively, in this embodiment, as shown in fig. 3, the specific working process of the authentication module checking unit 5051 is as follows:
1. starting the software;
2. entering the authorization check flow;
3. generating a random code;
4. calling the initialization interface of the authentication module, namely: passing the version number of the authentication module corresponding to the current software, together with the generated random code, to the authentication module;
5. the authentication module checks the version number passed in by the software, and extracts and restores the RSA private key of the corresponding version;
6. the authentication module signs the random code with the RSA private key;
7. the authentication module returns the signature result to the software;
8. the software verifies the signature result returned by the authentication module using a preset RSA public key; if the verification passes, the software goes on to verify the validity of the authorization file; otherwise the authentication module is considered illegitimate and an error is returned.
The specific working process of the authorization file checking unit 5052 is as follows:
1. the authentication module performs a validity check on the authorization file and parses it; the validity check comprises checking whether the file content is complete and whether the content format is consistent, performing a hash calculation over the authorization-related content, and then verifying the hash result with the RSA key to determine whether the authorization-related content has been tampered with; the authorization file is parsed only after the validity check passes;
2. the authentication module returns the result of parsing the authorization file to the software; illustratively, in this embodiment, this specifically includes: the authentication module returns the parsing result to the software in an agreed format, which comprises assembling content such as the device information, module name and validity period in JSON or XML format and returning the assembled content to the software;
3. the software performs information retrieval and a validity check on the information in the parsing result, and returns the final check result to the software; illustratively, the information in the parsing result in this embodiment includes, but is not limited to, an authorization status code, an authorization date, and other information;
4. the software determines whether to continue running according to the authentication result.
In the invention, the authorization file generating unit 502 uses multiple algorithms such as RSA, SHA and obfuscation encryption when generating the authorization file; the authentication module checking unit 5051 and the authorization file checking unit 5052 use multiple signature verifications when verifying the legitimacy of the authorization file and of the authentication module, so that the software authorization mode is not easy to crack and security is high. The authorization file can be preset, after which the user does not need to enter an activation code manually; on the one hand this suits devices that have no keys or input interface, and on the other hand it simplifies the activation-code entry process, improves the user experience and reduces the user's cost of use. The solution uses offline authorization, which, compared with online authorization, removes the authorization-server step, reduces server development and maintenance costs, and is inexpensive. The authorization modes and usage scenarios are flexible: the solution can be used for batch authorization by device model, manufacturer, software version and the like, and also for individual authorization by the chip ID, network card address and the like of a single device. The solution innovates the authorization of software, in particular embedded terminal software, raises the cost of cracking the software, ensures software security, reduces dependence on servers and hardware, saves research and development cost, and is suitable for popularization and application.
Example six
The embodiment of the present invention further provides a storage medium, on which a computer program is stored, wherein the program, when executed by a processor, implements any software authorization method in the first to third embodiments.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A method of software authorization, comprising the steps of:
S101, a software authorizer receives equipment information collected by an equipment manufacturer;
S102, the software authorizer generates an authorization file according to the received equipment information and the corresponding authorization information;
S103, the software authorizer returns the authorization file and the software version to an equipment manufacturer;
S104, integrating the software version and placing the authorization file according to requirements by a device manufacturer;
and S105, after the equipment runs, the software loads the authentication module and performs authorization verification, if the verification is passed, the software runs normally, otherwise, the software stops running.
2. The software authorization method according to claim 1, wherein the step S102 specifically includes:
S1021, importing/inputting authorization application information and initializing an authorization file;
S1022, analyzing information including but not limited to equipment information and authorization information in the application information, filling the equipment information into DEVICE INFO, and filling the authorization information into LICENCE INFO;
S1023, generating an RSA key pair;
S1024, SHA256 calculation is carried out on DEVICE INFO and LICENCE INFO, then signature is carried out on SHA256 values by using RSA private keys, and LICENCE HASH is filled in;
S1025, modifying the RSA public key, performing obfuscation encryption, and filling LICENCE KEY;
S1026, filling the description into README;
S1027, outputting the authorization file.
3. The software authorization method according to claim 2, wherein the step S105 of loading the authentication module and performing authorization verification includes:
S1051, verifying the validity of an authentication module;
and S1052, verifying the validity of the authorization file.
4. The software authorization method according to claim 3, wherein the verifying the validity of the authentication module in the step S1051 specifically includes:
S10511, starting software;
S10512, entering an authorization check flow;
S10513, generating a random code;
S10514, calling an authentication module initialization interface, namely: transmitting the version number of the authentication module corresponding to the current software and the generated random code to the authentication module;
S10515, the authentication module checks the version number transmitted by the software, extracts and restores the RSA private key of the corresponding version;
S10516, the authentication module uses the RSA private key to sign the random code;
S10517, the authentication module returns the result of the signature to the software;
and S10518, the software uses a preset RSA public key to verify the signature result returned by the authentication module, if the verification is passed, the validity of the authorization file is verified, otherwise, the authentication module is considered to be illegal, and an error is returned.
5. The software authorization method according to claim 4, wherein the verifying the validity of the authorization file in step S1052 specifically includes:
S10521, the authentication module carries out validity check on the authorization file and analyzes the authorization file;
S10522, the authentication module returns the result of analyzing the authorization file to the software;
S10523, the software carries out information retrieval and validity check on the information in the analysis result, and returns the final check result to the software;
and S10524, the software determines whether to continue to run according to the authentication result.
6. The software authorization method according to any of claims 1 to 5, characterized in that the device information collected by the device manufacturer in step S101 includes, but is not limited to, the device model, the manufacturer information, and the network card physical address.
7. The method for software authorization according to claim 6, wherein the authorization information in step S102 includes but is not limited to the selected authorization method according to the authorization protocol, the authorization validity period; the authorization mode selected according to the authorization protocol includes, but is not limited to, performing batch authorization according to the device model, or performing single authorization according to the network card physical address.
8. A software authorization system, comprising:
the device information acquisition unit is used for a software authorizer to receive device information collected by a device manufacturer;
the authorization file generating unit is used for a software authorizer to generate an authorization file according to the received equipment information and the corresponding authorization information;
the authorization file sending unit is used for the software authorizer to return the authorization file and the software version to the equipment manufacturer;
the authorization file integration unit is used for equipment manufacturers to integrate the software versions and place the authorization files according to requirements;
and the authorization verification unit is used for loading the authentication module by the software to perform authorization verification after the equipment runs, normally running if the verification is passed, and stopping running if the verification is not passed.
9. The software authorization system according to claim 8, characterized in that the authorization verification unit comprises:
the authentication module checking unit is used for checking whether the authentication module is legal or not;
and the authorization file checking unit is used for checking whether the authorization file is legal or not.
10. A storage medium having stored thereon a computer program, wherein the program when executed by a processor implements the software authorization method of any of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111283781.6A CN113987421A (en) 2021-11-01 2021-11-01 Software authorization method, system and storage medium

Publications (1)

Publication Number Publication Date
CN113987421A true CN113987421A (en) 2022-01-28

Family

ID=79745452

Country Status (1)

Country Link
CN (1) CN113987421A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114676393A (en) * 2022-05-26 2022-06-28 杭州微帧信息科技有限公司 Software off-line authentication method
CN114676393B (en) * 2022-05-26 2022-08-26 杭州微帧信息科技有限公司 Software off-line authentication method
CN116305010A (en) * 2023-05-25 2023-06-23 北京朝歌数码科技股份有限公司 ADB secure interaction method and device, electronic equipment and readable storage medium
CN116305010B (en) * 2023-05-25 2023-08-15 北京朝歌数码科技股份有限公司 ADB secure interaction method and device, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination