CN114186199A - License authorization method and device - Google Patents
License authorization method and device Download PDFInfo
- Publication number
- CN114186199A CN114186199A CN202210135699.7A CN202210135699A CN114186199A CN 114186199 A CN114186199 A CN 114186199A CN 202210135699 A CN202210135699 A CN 202210135699A CN 114186199 A CN114186199 A CN 114186199A
- Authority
- CN
- China
- Prior art keywords
- authorization
- time
- file
- license
- service center
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 358
- 238000000034 method Methods 0.000 title claims abstract description 57
- 230000004913 activation Effects 0.000 claims abstract description 67
- 238000012795 verification Methods 0.000 claims abstract description 14
- 150000003839 salts Chemical class 0.000 claims abstract description 12
- 238000004590 computer program Methods 0.000 claims description 6
- 230000008569 process Effects 0.000 description 9
- 230000008676 import Effects 0.000 description 7
- 238000004891 communication Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000001514 detection method Methods 0.000 description 3
- 238000009938 salting Methods 0.000 description 3
- 230000003213 activating effect Effects 0.000 description 2
- 238000012550 audit Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/105—Arrangements for software license management or administration, e.g. for managing licenses at corporate level
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2137—Time limited access, e.g. to a computer or data
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a permission authorization method and a device, wherein the method comprises the following steps: obtaining equipment identification based on salt adding encryption and information summarization algorithm; sending an authorization request to an authorization service center based on the equipment identifier, and receiving an authorization file returned by the authorization service center based on the authorization request; decrypting and verifying the authorization file, and authorizing based on verification passing; based on the authorization, storing authorization information and activation time, and recording system time based on a time iterator; and obtaining an authority expiration result based on the system time and the activation time, and judging whether to perform authorization again according to the authority expiration result. According to the invention, the acquired equipment identification is sent to the authorization service center to acquire the authorization file, so that the corresponding product is authorized by using the authorization file, the leakage risk is further reduced, the safety is further improved, and the use copyright of the system and the rights and interests of developers are more effectively protected.
Description
Technical Field
The invention relates to the technical field of system security, in particular to a permission authorization method and a permission authorization device.
Background
License: a software license is a form contract made by a software author with a user to specify and limit the rights of the software user to use the software (or its source code), and the obligation the author should have. License authorization is generally used when software products are delivered to allow users to use application software, and valid information in License, such as the number of resources allowed to be used by the users, the valid period of the allowed use, the owner of the allowed use and the like, is obtained by checking the License file purchased by the users to check the validity of the activation information. And the legal use of the application software is ensured through the complete processes of applying for License, verifying License and activating.
Most of the current license authorizations need to store activation time in advance, verify the licenses by comparing system time with the activation time, further authorize the licenses, utilize the pre-stored activation time, and then determine whether the licenses are due by comparing the system time with the activation time. Since the activation time is a pre-stored fixed time, the actual activation time of each license cannot be matched, and the corresponding activation time needs to be adjusted in real time corresponding to the authorization of each license, which is not beneficial to operation and reduces user experience.
Disclosure of Invention
The invention provides a permission authorization method and a permission authorization device, which are used for solving the defect of inconvenient authorization caused by pre-stored activation time in the prior art, reducing the cost of authorization verification and improving the user experience.
The invention provides a permission authorization method, which comprises the following steps: obtaining equipment identification based on salt adding encryption and information summarization algorithm; sending an authorization request to the authorization service center based on the equipment identification, and receiving an authorization file returned by the authorization service center based on the authorization request; decrypting and verifying the authorization file, and authorizing based on verification passing; storing authorization information and activation time based on the authorization, and recording system time based on a time iterator; and obtaining an authority expiration result based on the system time and the activation time, and judging whether to perform authorization again according to the authority expiration result.
The invention provides a permission authorization method, which comprises the following steps: the storing authorization information and activation time and recording system time based on a time iterator comprises: checking the authorization state, generating a time sequence based on the authorization state, and recording the activation time; and based on the system time jitter, comparing the time after the time jitter with the current time to obtain and record the system time.
The invention provides a permission authorization method, which comprises the following steps: the time after the time jump is compared with the current time based on the system time jump to obtain and record the system time, and the method comprises the following steps: based on the fact that the time after the time jump is larger than the current time, taking the current time as the system time and recording the system time; otherwise, increasing the latest time in the time sequence by one hour as the system time and recording.
The invention provides a permission authorization method, which comprises the following steps: after the receiving the authorization file returned by the authorization service center based on the authorization request, the method further includes: and performing temporary authorization by adopting access authority authentication according to the requirements of the service scene.
The invention provides a permission authorization method, which comprises the following steps: the decrypting and verifying the authorization file includes: decrypting the authorization file; checking the product type and the activation time of the decrypted authorization file; and judging whether the corresponding product is in an authorized time range or not based on the activation time and the product type, and checking whether the decryption authorization file is activated or not.
According to the license authorization method provided by the invention, the authorization file is obtained by encrypting the authorization information determined based on the authorization request by the authorization service center.
The present invention also provides a license authorization apparatus, including: the identification acquisition module is used for acquiring equipment identification based on salt adding encryption and an information summarization algorithm; the file acquisition module is used for sending an authorization request to the authorization service center based on the equipment identifier and receiving an authorization file returned by the authorization service center based on the authorization request; the authorization module is used for decrypting and verifying the authorization file and authorizing based on verification passing; the time recording module is used for storing authorization information and activation time based on the authorization and recording system time based on the time iterator; and the authorization judging module is used for obtaining an authority expiration result based on the system time and the activation time and judging whether to carry out authorization again according to the authority expiration result.
The present invention also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the license authorization method as described in any of the above when executing the program.
The invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the license authorization method as described in any of the above.
According to the permission authorization method and device provided by the invention, the authorization file is obtained by sending the obtained equipment identifier to the authorization service center, so that the corresponding product is authorized by using the authorization file, the leakage risk is further reduced, the safety is further improved, and the use copyright of the system and the rights and interests of developers are more effectively protected; in addition, the authorization information and the activation time obtained by authorization are automatically recorded to automatically judge whether authorization needs to be carried out again, so that the cost of authorization verification is reduced, and the user experience is improved.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flow chart of a license authorization method provided by the present invention;
FIG. 2 is a second flowchart of the license authorization method provided by the present invention;
FIG. 3 is a third flowchart of a license authorization method provided by the present invention;
FIG. 4 is a fourth flowchart of the license authorization method provided by the present invention;
FIG. 5 is a schematic flow chart of the system time recording based on the time iterator provided by the present invention;
FIG. 6 is a schematic structural diagram of a license authority provided in the present invention;
fig. 7 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 shows a flow chart of a license authorization method of the present invention, which includes:
s01, obtaining equipment identification based on the salt adding encryption and the information digest algorithm;
s02, sending an authorization request to the authorization service center based on the device identifier, and receiving an authorization file returned by the authorization service center based on the authorization request;
s03, decrypting and verifying the authorization file, and authorizing based on verification passing;
s04, storing authorization information and activation time based on authorization, and recording system time based on a time iterator;
and S05, obtaining the authority expiration result based on the system time and the activation time, and judging whether to carry out authorization again according to the authority expiration result.
It should be noted that S0N in this specification does not represent the sequence of the licensing method, and the licensing method of the present invention is described below with reference to fig. 2 to 5.
And S01, obtaining the equipment identifier based on the salt adding encryption and the information summarization algorithm.
In this embodiment, the obtaining of the device identifier based on the salting encryption and information summarization Algorithm (Message-Digest Algorithm 5, md 5) includes: collecting equipment information; and carrying out salting encryption on the equipment information based on an information digest algorithm. More specifically, the method for salt encryption of the device information based on the information digest algorithm comprises the following steps: and randomly generating fields, combining the randomly generated fields with the pre-collected equipment information based on an information summarization algorithm, and performing summarization to obtain the equipment identification.
The main execution body of the license authorization method is to install a device carrying a license device through software, start the license device after the license device is installed before acquiring device information, and derive the device information. The device information includes device feature information, MAC address, product information, and the like, and the device identifier may be a device unique code.
In an optional embodiment, after salt encryption is performed on the device information based on the information digest algorithm, the method further includes: and writing the ciphertext into the preselected file. It should be noted that the pre-selected file may be selected based on the usage requirement, and is not further limited herein.
And S02, sending an authorization request to the authorization service center based on the device identification, and receiving an authorization file returned by the authorization service center based on the authorization request.
In this embodiment, the authorization file is obtained by encrypting, by the authorization service center, authorization information determined based on the authorization request. It should be noted that, when sending an authorization request to the authorization service center, the device identifier may be derived from the device and imported to the authorization service center to apply for an authorization service, and the authorization service center performs corresponding authorization on the device corresponding to the device identifier based on the received device identifier and the authorization request.
Specifically, the authorizing service center authorizes the device corresponding to the device identifier based on the received device identifier and the authorization request, and includes: determining authorization information based on the authorization request; and generating a key pair, and encrypting the authorization information by using the key pair to obtain an authorization file. It should be noted that the key pair includes a public key and a private key, a license signature certificate is generated by using the private key and authorization information, and the public key is sent to the user as an authorization file, so that the user can verify whether the license signature certificate meets the use condition based on the public key in the actual authorization and authentication process. In addition, the authorization information includes at least one of an authorization time, authorized software, an authorized software version, authorized software functional rights, and a customer mailbox.
In an optional embodiment, referring to fig. 2, after the authorizing service center based on the received device identifier and the authorization request, before performing corresponding authorization on the device corresponding to the device identifier, the method further includes: importing equipment identification and authorization authority, such as an item name, license authorization duration, a product and the like, in an authorization service center; judging the size of the file; judging the length of the device name based on the non-empty file; and correspondingly authorizing the equipment corresponding to the equipment identifier based on the fact that the length of the equipment name is not null, and exporting an authorization file based on the completion of authorization.
In an alternative embodiment, the authorization request includes at least one of an effective time, a product type, a product version, and product rights corresponding to the product content.
In an optional embodiment, after sending the authorization request to the authorization service center, the method further includes: and receiving the authorization file based on the mail mode.
And S03, decrypting and verifying the authorization file, and authorizing based on verification passing.
In this embodiment, decrypting and verifying the authorization file includes: decrypting the authorization file; checking the product type and the activation time of the decrypted authorization file; and judging whether the corresponding product is in the authorized time range or not based on the activation time and the product type, and checking whether the decryption authorization file is activated or not.
It should be noted that, after obtaining the authorization file, the method further includes: and importing the authorization file into the equipment so as to decrypt the authorization file by using a public and private key. In addition, when the product type of the decryption authorization file is checked, whether the product type authorized in the decryption authorization file is the same as the product actually requested by the product type authorized in the decryption authorization file is judged through checking, so that the accuracy of product authorization is improved.
For example, referring to fig. 3, after obtaining the authorization file returned by the authorization service center, the method further includes: importing an authorization file into the device; decrypting the authorization file; judging whether the current time is in the activation time interval, if so, judging whether the current equipment is matched with license; based on the matching, judging whether the current key is activated; and acquiring the current time based on the current key activation, carrying out encryption storage and storing license.
In an optional embodiment, after receiving the authorization file returned by the authorization service center based on the authorization request, the method further includes: and performing temporary authorization by adopting access authority authentication according to the requirements of the service scene. It should be noted that, during temporary authorization, at least one access authorization authentication mode, i.e. an administrator intervention mode, such as fingerprint, face recognition, iris recognition and two-dimensional code is adopted according to the service scene requirements to perform temporary authorization. Further, when the administrator intervenes, the root authority (root) is used, and the audit is performed in the above manner, and the service is used within the system based on the access authority authentication. It should be noted that the temporary authorization may be to record administrator information into the authentication service device in advance, and when the temporary authorization is needed, perform data comparison by calling a system, a fingerprint, a camera, or generating a two-dimensional code, thereby completing the authorization service. The temporary authorization is typically two hours.
S04, storing authorization information and activation time based on authorization, and recording system time based on time iterator.
In this embodiment, storing the authorization information and the activation time, and recording the system time based on the time iterator includes: checking the authorization status; generating a time sequence based on the authorization state, and recording the activation time; and based on the system time jitter, comparing the time after the time jitter with the current time to obtain and record the system time. It should be noted that, during the service operation, if the system time is tampered, the authorization file in use is not invalidated after the system is reinstalled. In addition, in order to facilitate storage of the license file, when the license service is introduced for the first time, a sector is marked in the disk sector for storing the license time sequence, the license authorization content, the temporary authorization data service and the like.
Specifically, based on the system time jitter, comparing the time after the time jitter with the current time to obtain and record the system time, including: based on the time after the time jump being greater than the current time, taking the current time as the system time and recording; otherwise, the latest time in the time series is increased by one hour as the system time and recorded. In other words, after the software is started, the time service is started, and if the software is in an unauthorized state, the time is not saved; if the authorization is successful, creating a time sequence, adding the activation time, recording the time once every hour after the activation, for example, the system time jumps, the time after the time jump is larger than the current time, and recording the current time, for example, the system time jumps, the time after the time jump is smaller than the current time, and recording the time by adding one hour to the latest time in the time sequence.
For example, referring to fig. 4, a time-based iterator records system time, including: acquiring current time; detecting whether the current time is in the time sequence, if so, restarting to obtain the current time; otherwise, acquiring the latest license in the file, decrypting the latest license and acquiring activation time; obtaining the ending time according to the activation time and the effective days; detecting whether the current time is in an effective time interval, namely within an authorization time limit, and if so, storing the current time; otherwise, acquiring the last recorded time of the time sequence, and ending the process based on the fact that the last recorded time is greater than the ending time; and judging whether the time recorded for the last time is greater than the starting time or not based on the fact that the time recorded for the last time is less than or equal to the ending time, if not, ending the process, and if so, adding one hour to the time recorded for the last time to store the file.
And S05, obtaining the authority expiration result based on the system time and the activation time, and judging whether to carry out authorization again according to the authority expiration result.
In this embodiment, obtaining the right expiration result based on the system time and the activation time includes: comparing the system time with the activation time, judging whether the corresponding product is within the authorization time limit, if the system time is behind the activation time and accords with the authorization time limit, the authority is not due; otherwise, the rights expire. In addition, judging whether to reactivate the authorization according to the authority expiration result comprises the following steps: if the authority is not expired based on the authority expiration result, the authorization does not need to be reactivated; otherwise, authorization is carried out again. It should be noted that, the above authorization process may be referred to for re-authorization, and details are not described herein. And the authorized service is applied again by retrieving the equipment identification.
In an alternative embodiment, referring to fig. 5, after obtaining the authorization file sent by the authorization service center, the method further includes: importing an authorization file into the device; decrypting the authorization file; detecting whether the authorized equipment and the actual equipment in the authorization file are the same equipment, and if so, judging whether the equipment is within the authorization time limit; based on the authorization information being stored within the authorization deadline, and the activation time being stored, a time iterator is started.
In summary, the acquisition device identifier is sent to the authorization service center to acquire the authorization file, so that the authorization file is used for authorizing the corresponding product, thereby reducing the leakage risk, further improving the security, and more effectively protecting the usage copyright of the system and the rights and interests of developers; in addition, the authorization information and the activation time obtained by authorization are automatically recorded to automatically judge whether authorization needs to be carried out again, so that the cost of authorization verification is reduced, and the user experience is improved.
The following describes the license authorization apparatus provided by the present invention, and the license authorization apparatus described below and the license authorization method described above may be referred to correspondingly.
Fig. 6 is a schematic structural diagram of a license authority apparatus, including:
the identification acquisition module 61 is used for acquiring equipment identification based on salt adding encryption and an information summarization algorithm;
the file acquisition module 62 sends an authorization request to the authorization service center based on the device identifier, and receives an authorization file returned by the authorization service center based on the authorization request;
the authorization module 63 decrypts and verifies the authorization file, and authorizes the authorization file based on verification passing;
a time recording module 64 that stores authorization information and activation time based on authorization and records system time based on a time iterator;
and the authorization judging module 65 obtains the authority expiration result based on the system time and the activation time, and judges whether to authorize again according to the authority expiration result.
In this embodiment, the identifier obtaining module 61 includes: an information acquisition unit. Collecting equipment information; and the first encryption unit is used for carrying out salting encryption on the equipment information based on the information digest algorithm. Still further, the first encryption unit includes: a field generation subunit for randomly generating a field; and the encryption subunit combines the randomly generated field with the pre-acquired equipment information based on the information abstract algorithm to perform abstract processing to obtain the equipment identifier. It should be noted that the device information includes device feature information, a MAC address, product information, and the like, and the device identifier may be a device unique code.
In an optional embodiment, the identifier obtaining module 61 further includes: and the file writing unit writes the ciphertext into the file selected in advance. It should be noted that the pre-selected file may be selected based on the usage requirement, and is not further limited herein.
And the file acquisition module 62 sends an authorization request to the authorization service center based on the device identifier, and receives an authorization file returned by the authorization service center based on the authorization request. It should be noted that the authorization file is obtained by encrypting, by the authorization service center, authorization information determined based on the authorization request. It should be noted that, when sending an authorization request to the authorization service center, the device identifier may be derived from the device and imported to the authorization service center to apply for an authorization service, and the authorization service center performs corresponding authorization on the device corresponding to the device identifier based on the received device identifier and the authorization request.
The file obtaining module 62 further includes: and the file receiving unit receives the authorization file based on the mail mode.
In an alternative embodiment, the authorization service center includes: an information determination unit that determines authorization information based on the authorization request; and the second encryption unit generates a key pair and encrypts the authorization information by using the key pair to obtain the authorization file. It should be noted that the key pair includes a public key and a private key, a license signature certificate is generated by using the private key and authorization information, and the public key is sent to the user as an authorization file, so that the user can verify whether the license signature certificate meets the use condition based on the public key in the actual authorization and authentication process. In addition, the authorization information includes at least one of an authorization time, authorized software, an authorized software version, authorized software functional rights, and a customer mailbox.
In an optional embodiment, the authorization service center further includes: the data import unit imports equipment identification and authorization authority, such as an item name, license authorization term, a product and the like, in an authorization service center; a file determination unit that determines a file size; a name length judging unit that judges the device name length based on whether the file is empty; and the authorization unit correspondingly authorizes the equipment corresponding to the equipment identifier based on the fact that the length of the equipment name is not null, and derives an authorization file based on authorization completion.
In an optional embodiment, the authorization service center further includes: and a file sending unit for receiving and sending the file based on the mail mode.
An authorization module 63, comprising: the decryption unit is used for decrypting the authorization file; a checking unit for checking the product type and activation time of the decrypted authorization file; and the judging unit judges whether the corresponding product is in the authorization time range or not based on the activation time and the product type, and checks whether the decryption authorization file is activated or not.
In an optional embodiment, the authorization module 63 further includes: and the data import unit imports the authorization file into the equipment so as to decrypt the authorization file by using a public and private key. In addition, when the product type of the decryption authorization file is checked, whether the product type authorized in the decryption authorization file is the same as the product actually requested by the product type authorized in the decryption authorization file is judged through checking, so that the accuracy of product authorization is improved.
For example, the authorization module 63 further includes: the file import unit imports the authorization file into the equipment; the decryption unit is used for decrypting the authorization file; the judging unit is used for judging whether the current time is in the activation time interval or not, and if so, judging whether the current equipment is matched with license or not; an activation judgment unit that judges whether the current key has been activated based on the matching; and the storage unit is used for acquiring the current time based on the current key activation, carrying out encryption storage and storing license.
In an optional embodiment, the authorization module 63 further includes: and the temporary authorization unit adopts access authority authentication to perform temporary authorization according to the service scene requirements. It should be noted that, during temporary authorization, at least one access authorization authentication mode, i.e. an administrator intervention mode, such as fingerprint, face recognition, iris recognition and two-dimensional code is adopted according to the service scene requirements to perform temporary authorization. Further, when the administrator intervenes, the root authority (root) is used, and the audit is performed in the above manner, and the service is used within the system based on the access authority authentication. It should be noted that the temporary authorization may be to record administrator information into the authentication service device in advance, and when the temporary authorization is needed, perform data comparison by calling a system, a fingerprint, a camera, or generating a two-dimensional code, thereby completing the authorization service. The temporary authorization is typically two hours.
A time recording module 64 comprising: a status checking unit for checking an authorization status; the time sequence generating unit generates a time sequence based on the authorization state and records the activation time; and the comparison unit compares the time after the time jump with the current time based on the system time jump to obtain and record the system time. It should be noted that, during the service operation, if the system time is tampered, the authorization file in use is not invalidated after the system is reinstalled. In addition, in order to facilitate storage of the license file, when the license service is introduced for the first time, a sector is marked in the disk sector for storing the license time sequence, the license authorization content, the temporary authorization data service and the like.
Specifically, the comparison unit includes: the comparison subunit takes the current time as the system time and records the system time based on the time after the time jump being greater than the current time; otherwise, the latest time in the time series is increased by one hour as the system time and recorded. For example, the system time is jumped, and the time after the time jump is greater than the current time, which records the current time, and for example, the system time is jumped, and the time after the time jump is less than the current time, which records the system time by adding one hour to the latest time in the time sequence.
In an alternative embodiment, the time recording module 64 includes: a time acquisition unit that acquires a current time; the first detection unit is used for detecting whether the current time is in the time sequence or not, and if so, restarting to obtain the current time; otherwise, acquiring the latest license in the file, decrypting the latest license and acquiring activation time; the ending time obtaining unit is used for obtaining ending time according to the activation time and the valid days; the second detection unit is used for detecting whether the current time is within the valid time interval, namely the authorization time limit, and if so, storing the current time; otherwise, acquiring the last recorded time of the time sequence, and ending the process based on the fact that the last recorded time is greater than the ending time; and judging whether the time recorded for the last time is greater than the starting time or not based on the fact that the time recorded for the last time is less than or equal to the ending time, if not, ending the process, and if so, adding one hour to the time recorded for the last time to store the file.
An authorization judging module 65, including: the authorization judging unit compares the system time with the activation time, judges whether the corresponding product is within an authorization time limit, and if the system time is behind the activation time and accords with the authorization time limit, the authority is not expired; otherwise, the right expires; and the activation authorization unit judges whether to reactivate authorization according to the authority expiration result. In particular, the activation authorization unit comprises: activating the authorization subunit, and if the authority is not expired based on the authority expiration result, not needing to reactivate the authorization; otherwise, authorization is carried out again. It should be noted that, the above authorization process may be referred to for re-authorization, and details are not described herein. And the authorized service is applied again by retrieving the equipment identification.
In an optional embodiment, the apparatus further comprises: the file import module is used for importing the authorization file into the equipment; the decryption module is used for decrypting the authorization file; the detection module is used for detecting whether the authorized equipment and the actual equipment in the authorization file are the same equipment or not, and if so, judging whether the authorized equipment and the actual equipment are within the authorization time limit or not; and the storage module stores the authorization information and the activation time based on the authorization duration and starts the time iterator.
In summary, the device identification acquisition module sends the equipment identification to the authorization service center, and the file acquisition module acquires the authorization file returned by the authorization service center, so that the authorization module authorizes the corresponding product by using the authorization file, thereby reducing the leakage risk, further improving the security, and more effectively protecting the copyright of the system and the rights and interests of developers; in addition, the time recording module is used for automatically recording authorization information and activation time obtained by authorization so as to automatically judge whether authorization needs to be carried out again, the cost of authorization verification is reduced, and the user experience is improved.
Fig. 7 illustrates a physical structure diagram of an electronic device, and as shown in fig. 7, the electronic device may include: a processor (processor)71, a communication Interface (Communications Interface)72, a memory (memory)73 and a communication bus 74, wherein the processor 71, the communication Interface 72 and the memory 73 are communicated with each other via the communication bus 74. Processor 71 may call logic instructions in memory 73 to perform a license authorization method comprising: obtaining equipment identification based on salt adding encryption and information summarization algorithm; sending an authorization request to an authorization service center based on the equipment identifier, and receiving an authorization file returned by the authorization service center based on the authorization request; decrypting and verifying the authorization file, and authorizing based on verification passing; based on the authorization, storing authorization information and activation time, and recording system time based on a time iterator; and obtaining an authority expiration result based on the system time and the activation time, and judging whether to perform authorization again according to the authority expiration result.
In addition, the logic instructions in the memory 73 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In yet another aspect, the present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, is implemented to perform the license authorization method provided by the above methods, the method comprising: obtaining equipment identification based on salt adding encryption and information summarization algorithm; sending an authorization request to an authorization service center based on the equipment identifier, and receiving an authorization file returned by the authorization service center based on the authorization request; decrypting and verifying the authorization file, and authorizing based on verification passing; based on the authorization, storing authorization information and activation time, and recording system time based on a time iterator; and obtaining an authority expiration result based on the system time and the activation time, and judging whether to perform authorization again according to the authority expiration result.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (9)
1. A license authorization method, comprising:
obtaining equipment identification based on salt adding encryption and information summarization algorithm;
sending an authorization request to the authorization service center based on the equipment identification, and receiving an authorization file returned by the authorization service center based on the authorization request;
decrypting and verifying the authorization file, and authorizing based on verification passing;
storing authorization information and activation time based on the authorization, and recording system time based on a time iterator;
and obtaining an authority expiration result based on the system time and the activation time, and judging whether to perform authorization again according to the authority expiration result.
2. The license authorization method according to claim 1, characterized in that the storing authorization information and activation time and recording system time based on a time iterator comprises:
the status of the authorization is checked and,
generating a time sequence based on the authorization state, and recording the activation time;
and based on the system time jitter, comparing the time after the time jitter with the current time to obtain and record the system time.
3. The license authorization method according to claim 2, wherein the comparing the time after the time jump with the current time based on the system time jump to obtain and record the system time comprises:
based on the fact that the time after the time jump is larger than the current time, taking the current time as the system time and recording the system time;
otherwise, increasing the latest time in the time sequence by one hour as the system time and recording.
4. The license authorization method according to claim 1, further comprising, after the receiving the authorization file returned by the authorization service center based on the authorization request: and performing temporary authorization by adopting access authority authentication according to the requirements of the service scene.
5. The license authorization method according to claim 1, wherein the decrypting and verifying the authorization file comprises:
decrypting the authorization file;
checking the product type and the activation time of the decrypted authorization file;
and judging whether the corresponding product is in an authorized time range or not based on the activation time and the product type, and checking whether the decryption authorization file is activated or not.
6. The license authorization method according to claim 1, wherein the authorization file is obtained by encrypting, for the authorization service center, authorization information determined based on the authorization request.
7. A license authority apparatus, comprising:
the identification acquisition module is used for acquiring equipment identification based on salt adding encryption and an information summarization algorithm;
the file acquisition module is used for sending an authorization request to the authorization service center based on the equipment identifier and receiving an authorization file returned by the authorization service center based on the authorization request;
the authorization module is used for decrypting and verifying the authorization file and authorizing based on verification passing;
the time recording module is used for storing authorization information and activation time based on the authorization and recording system time based on the time iterator;
and the authorization judging module is used for obtaining an authority expiration result based on the system time and the activation time and judging whether to carry out authorization again according to the authority expiration result.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the license authorization method according to any of claims 1 to 6 are implemented when the processor executes the program.
9. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the steps of the license authorization method according to any of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210135699.7A CN114186199B (en) | 2022-02-15 | 2022-02-15 | License authorization method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210135699.7A CN114186199B (en) | 2022-02-15 | 2022-02-15 | License authorization method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114186199A true CN114186199A (en) | 2022-03-15 |
| CN114186199B CN114186199B (en) | 2022-06-28 |
Family
ID=80545936
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210135699.7A Active CN114186199B (en) | 2022-02-15 | 2022-02-15 | License authorization method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114186199B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114925339A (en) * | 2022-05-31 | 2022-08-19 | 苏州浪潮智能科技有限公司 | Method, device, equipment and medium for managing and controlling permission time of server firmware |
| CN114938299A (en) * | 2022-05-16 | 2022-08-23 | 江苏新质信息科技有限公司 | Device authorization method and device based on application service interface |
| CN115022065A (en) * | 2022-06-15 | 2022-09-06 | 聚好看科技股份有限公司 | License authentication method and system |
| CN115859337A (en) * | 2023-02-14 | 2023-03-28 | 杭州大晚成信息科技有限公司 | Kernel-based method, device, server and medium for preventing device cracking |
| CN117077089A (en) * | 2023-08-30 | 2023-11-17 | 中国广电四川网络股份有限公司 | Algorithm authorization system and method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103312513A (en) * | 2013-06-19 | 2013-09-18 | 北京华胜天成科技股份有限公司 | Method and system for verifying use authorization in distributed environment |
| US20170041793A1 (en) * | 2015-08-07 | 2017-02-09 | Qualcomm Incorporated | Subsystem for authorization and activation of features |
| US20180285553A1 (en) * | 2017-03-28 | 2018-10-04 | Hongfujin Precision Electronics (Tianjin) Co.,Ltd. | Software protection system and method |
| CN111708991A (en) * | 2020-06-17 | 2020-09-25 | 腾讯科技(深圳)有限公司 | Service authorization method, service authorization device, computer equipment and storage medium |
| CN112699342A (en) * | 2021-03-24 | 2021-04-23 | 统信软件技术有限公司 | Authorization control method, authorization device and computing equipment |
-
2022
- 2022-02-15 CN CN202210135699.7A patent/CN114186199B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103312513A (en) * | 2013-06-19 | 2013-09-18 | 北京华胜天成科技股份有限公司 | Method and system for verifying use authorization in distributed environment |
| US20170041793A1 (en) * | 2015-08-07 | 2017-02-09 | Qualcomm Incorporated | Subsystem for authorization and activation of features |
| US20180285553A1 (en) * | 2017-03-28 | 2018-10-04 | Hongfujin Precision Electronics (Tianjin) Co.,Ltd. | Software protection system and method |
| CN111708991A (en) * | 2020-06-17 | 2020-09-25 | 腾讯科技(深圳)有限公司 | Service authorization method, service authorization device, computer equipment and storage medium |
| CN112699342A (en) * | 2021-03-24 | 2021-04-23 | 统信软件技术有限公司 | Authorization control method, authorization device and computing equipment |
| CN113326482A (en) * | 2021-03-24 | 2021-08-31 | 统信软件技术有限公司 | Authorization control method, authorization device and computing equipment |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114938299A (en) * | 2022-05-16 | 2022-08-23 | 江苏新质信息科技有限公司 | Device authorization method and device based on application service interface |
| CN114938299B (en) * | 2022-05-16 | 2024-03-12 | 江苏新质信息科技有限公司 | Device authorization method and device based on application service interface |
| CN114925339A (en) * | 2022-05-31 | 2022-08-19 | 苏州浪潮智能科技有限公司 | Method, device, equipment and medium for managing and controlling permission time of server firmware |
| CN115022065A (en) * | 2022-06-15 | 2022-09-06 | 聚好看科技股份有限公司 | License authentication method and system |
| CN115022065B (en) * | 2022-06-15 | 2023-06-20 | 聚好看科技股份有限公司 | License authentication method and system |
| CN115859337A (en) * | 2023-02-14 | 2023-03-28 | 杭州大晚成信息科技有限公司 | Kernel-based method, device, server and medium for preventing device cracking |
| CN117077089A (en) * | 2023-08-30 | 2023-11-17 | 中国广电四川网络股份有限公司 | Algorithm authorization system and method |
| CN117077089B (en) * | 2023-08-30 | 2024-03-12 | 中国广电四川网络股份有限公司 | Algorithm authorization system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114186199B (en) | 2022-06-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114186199B (en) | License authorization method and device | |
| CN110162936B (en) | Software content use authorization method | |
| US9069936B2 (en) | Licensing verification for application use | |
| US5935246A (en) | Electronic copy protection mechanism using challenge and response to prevent unauthorized execution of software | |
| EP1342149B1 (en) | Method for protecting information and privacy | |
| EP0881559B1 (en) | Computer system for protecting software and a method for protecting software | |
| US10992480B2 (en) | Method and system for performing a transaction and for performing a verification of legitimate access to, or use of digital data | |
| CN110414248B (en) | Method for debugging microprocessor and microprocessor | |
| JPH11231775A (en) | Device and method for conditional authentication | |
| WO2017000648A1 (en) | Authentication method and apparatus for reinforced software | |
| JP2006311529A (en) | Authentication system and authentication method therefor, authentication server and authentication method therefor, recording medium, and program | |
| US20090119505A1 (en) | Transaction method and verification method | |
| CN112417385A (en) | Safety control method and system | |
| US6651169B1 (en) | Protection of software using a challenge-response protocol embedded in the software | |
| US20120109784A1 (en) | Method and system for automating protection of media files for download | |
| CN111932261A (en) | Asset data management method and device based on verifiable statement | |
| US20070271456A1 (en) | Method and System for Performing a Transaction and for Performing a Verification of Legitimate Access to, or Use of Digital Data | |
| JP3985461B2 (en) | Authentication method, content sending device, content receiving device, authentication system | |
| CN1559026A (en) | Method and apparatus for protecting information from unauthorised use | |
| CN112383577A (en) | Authorization method, device, system, equipment and storage medium | |
| CN115225286A (en) | Application access authentication method and device | |
| CN111740938B (en) | Information processing method and device, client and server | |
| CN112887099A (en) | Data signature method, electronic device and computer readable storage medium | |
| CN111444118B (en) | Process protection method, device, terminal equipment and storage medium | |
| CN113672898B (en) | Service authorization method, authorization device, system, electronic device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |