CN114266017B - Software licensing method and electronic equipment - Google Patents
Software licensing method and electronic equipment Download PDFInfo
- Publication number
- CN114266017B CN114266017B CN202111650393.7A CN202111650393A CN114266017B CN 114266017 B CN114266017 B CN 114266017B CN 202111650393 A CN202111650393 A CN 202111650393A CN 114266017 B CN114266017 B CN 114266017B
- Authority
- CN
- China
- Prior art keywords
- client
- identity
- license
- server
- page
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application provides a software licensing method and an electronic device, wherein the method comprises the following steps: receiving a first identity certificate sent by a first client and identity information of at least one second client; under the condition that the first identity certificate passes verification, registering a second identity certificate based on identity information of a second client, and granting a second authority to the second client; acquiring a second identity certificate sent by a second client, and verifying the second identity certificate; under the condition that the second identity certificate passes verification, an activation code is generated and fed back to the second client based on the master license; wherein the activation code is used for activating specific software installed on the terminal device. Therefore, each department can manage the use permission of the specific software through the second client, can integrally coordinate the use permission of the specific software through the first client in the organization level, has higher flexibility and can meet the management requirement of a large enterprise.
Description
Technical Field
The present application relates to the field of software licensing technologies, and in particular, to a software licensing method and an electronic device.
Background
Floating licensing is a software licensing method that requires a license server at the end user's location to which every computer or device in the network needs to be connected. The license server is used to manage the licenses for sharing. Floating licenses allow a user to use any machine in the same network, when the user wishes to run a software product, a license is requested from a license server, which issues a license if one is available. When the user has used up the software product, or the allowed license terms have expired, the license server will reclaim the licenses and provide them to other users. The license file is typically bound to the host ID of the license server by a MAC address or other hardware information. The number of licenses registered on the license server limits the number of concurrent users. The floating permission is adopted, so that the software use cost can be reduced, and the software use is more flexible. However, the existing floating permission mechanism still has poor management flexibility, cannot realize permission isolation among departments, and cannot meet the management requirements of large enterprises.
Disclosure of Invention
In view of the foregoing problems in the prior art, the present application provides a software licensing method and an electronic device, and the technical solution adopted in the embodiments of the present application is as follows:
the first aspect of the present application provides a software licensing method, applied to a server, including:
receiving a first identity certificate sent by a first client and identity information of at least one second client; the first identity certificate is used for uniquely identifying the first client, the first client has a main permission, the main permission is used for granting a first permission to the first client, and the first permission comprises the use permission of a first number of terminal devices to specific software;
under the condition that the first identity certificate passes verification, registering a second identity certificate based on identity information of a second client, and granting a second right to the second client, wherein the second right comprises the use right of managing a second number of terminal devices to the specific software, and the second number is smaller than or equal to the first number;
acquiring the second identity certificate sent by the second client, and verifying the second identity certificate;
if the second identity certificate passes verification, an activation code is generated and fed back to the second client based on the master license; the activation code is used for activating specific software installed on the terminal equipment.
In some embodiments, the method further comprises:
generating a first page associated with the first identity credential and a first address of the first page;
feeding back the first address to the first client; the first address is configured to enable the second client to acquire the first page by using the first address and access the server by using the first page.
In some embodiments, the obtaining the second identity credential sent by the second client and verifying the second identity credential includes:
feeding back the first page to the second client in response to receiving the first address sent by the second client;
receiving the second identity certificate sent by the second client through the first page, and verifying the second identity certificate;
verifying the second identity credential based on a first identity credential associated with the first page.
In some embodiments, the method further comprises:
receiving an activation code sent by a terminal device and device information used for identifying the terminal device;
and generating and sending a first sub-license to the terminal device based on the main license, the activation code and the device information so as to grant the terminal device the authority to use the specific software.
In some embodiments, the method further comprises:
receiving an inquiry request sent by the terminal equipment, wherein the inquiry request is used for requesting to inquire the permission state of the first sub-permission;
and under the condition that the first sub-license is determined to be in the valid state, feeding back first response information to the terminal equipment to inform the terminal equipment that the first sub-license is in the valid state.
In some embodiments, the method further comprises:
receiving an inquiry request sent by the terminal equipment, wherein the inquiry request is used for requesting to inquire the permission state of the first sub-permission;
and under the condition that the first sub-license is determined to be in the state to be updated, generating a second sub-license, and sending the second sub-license to the terminal equipment so that the terminal equipment replaces the first sub-license by the second sub-license.
In some embodiments, the method further comprises:
receiving an inquiry request sent by the terminal equipment, wherein the inquiry request is used for requesting to inquire the permission state of the first sub-permission;
and feeding back second response information to the terminal equipment to indicate the terminal equipment to delete the held first sub-license under the condition that the first sub-license is determined to be in an invalid state.
In some embodiments, the method further comprises:
receiving an operation request sent by the second client, wherein the operation request is used for requesting to execute a specified operation on the first sub-license, and the operation request contains identification information for identifying the first sub-license;
performing the specified operation on the first sub-license based on the operation request.
A second aspect of the present application provides a software licensing method, applied to a server, including:
in response to receiving a second identity certificate sent by a second client, verifying the second identity certificate; wherein the second identity credential is used for proving the identity of the second client, the second identity credential is associated with a first identity credential of a first client, the first client has a master license, the master license is used for granting a first right to the first client, the first right comprises the use right of a first number of terminal devices to specific software, the second client has a second right, the second right comprises the use right of a second number of terminal devices to the specific software, and the second number is less than or equal to the first number;
if the second identity certificate passes verification, an activation code is generated and fed back to the second client based on the master license; wherein, the activation code is used for activating the specific software installed on the terminal equipment.
In some embodiments, the method further comprises:
receiving an activation code sent by a terminal device and device information used for identifying the terminal device;
and generating and sending a first sub-license to the terminal device based on the main license, the activation code and the device information so as to grant the terminal device the use right of the specific software.
In some embodiments, the method further comprises:
receiving the first identity certificate sent by the first client and identity information of at least one second client;
and under the condition that the first identity certificate passes verification, registering the second identity certificate based on the identity information of the second client, and granting the second authority to the second client.
The third aspect of the present application provides a software licensing method, applied to a second client, including:
sending a second identity certificate for uniquely identifying the identity of the second client to a server; wherein the second identity credential is associated with a first identity credential of a first client, the first client having a master license for granting a first right to the first client, the first right comprising usage rights of a first number of terminal devices to a particular software, the second client having a second right comprising management of usage rights of a second number of terminal devices to the particular software, the second number being less than or equal to the first number;
receiving an activation code fed back by the server under the condition that the second identity certificate passes verification; wherein the activation code is associated with the master license for activating the specific software installed on the terminal device.
A fourth aspect of the present application provides an electronic device comprising at least a memory having a program stored thereon and a processor implementing the method as described above when executing the program on the memory.
According to the software licensing method of the embodiment of the application, an organization can license the use authority of the specific software to second clients held by one or more secondary managers according to an internal organization structure, requests to acquire the activation code from the server through the second clients, and distributes the activation code to the managed terminal equipment, so that the corresponding terminal equipment can activate the installed specific software. Therefore, each department can manage the use permission of the specific software through the second client, and can integrally coordinate the use permission of the specific software through the first client in an organizational level, so that the method has higher flexibility and can meet the management requirements of large enterprises.
Drawings
FIG. 1 is a system architecture diagram of a system to which the software licensing method of the first embodiment of the present application is applied;
FIG. 2 is a flowchart of a software licensing method according to a first embodiment of the present application;
FIG. 3 is a flowchart of step S130 of the software licensing method of the first embodiment of the present application;
FIG. 4 is a detailed flowchart of a software licensing method according to a first embodiment of the present application;
FIG. 5 is a flow chart of a software licensing method of the second embodiment of the present application;
FIG. 6 is a flowchart of a software licensing method of the third embodiment of the present application;
fig. 7 is a block diagram of an electronic device according to a fourth embodiment of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
A first embodiment of the present application provides a software licensing method, which is applied to a server, where the server may be formed by hardware or software. When the server is hardware, the server may include a plurality of servers, the plurality of servers may form a distributed server cluster, and the server may also include a single server. When the server is software, the server may include a plurality of pieces of software or software modules, or may include a single piece of software or software module. When the server is software, the software may be installed on hardware as described above.
Referring to fig. 1 and 2, the software licensing method may specifically include the following steps.
S110, receiving the first identity certificate sent by the first client and the identity information of at least one second client.
The first client may be a primary client of an organization. The organization may be a corporate organization or an illegal organization, and the organization type is not limited herein. The first client has a first identity credential capable of uniquely identifying its identity. Optionally, the first identity credential includes, but is not limited to, a key, a certificate, or a code or string that can uniquely identify the first client, or the first identity credential may also include an account name and a password.
The first client further has a master license for granting a first right to the first client, the first right including usage rights of a first number of terminal devices to specific software. That is, the organization is granted a usage right to use a first number of terminal devices simultaneously with a specific software through the master license. The master license may include information related to the name of the software, the number of the software, the term of the license, the number of licenses (i.e., the first number), the first identity credential, and so on.
Optionally, the first identity certificate and the main license may be registered or issued by a software developer, or registered or issued by a service provider providing a software license service, as long as the service provider stores the first identity certificate and the main license in association. For example, when the first client logs in for the first time, identity information such as name, address, contact information and the like can be sent to the server. Generating, by the server, a first identity credential based on the identity information of the first client. When a first client side wants to obtain the use right of software, a software license request can be sent to a server side, the software license request interacts with the server side to determine license information such as license period, license amount and license cost, and the server side can issue a main license to the first client side based on the license information. The first identity credential may be generated prior to or in addition to the generation of the master license. Taking the master license as a data packet and the first identity credential as a key, the key may be generated together with the generation of the data packet.
Under the condition that the first client side has obtained the main permission, the first client side can also request the server side to open one or more secondary client sides held by secondary managers. That is, the first client may request the server to open one or more second clients affiliated with the first client. For example, the enterprise software management component may set up a specialist for managing software licensing issues for various departments of the enterprise, and the second client may be a client held by the respective specialist. For example, if the software licensing issues of each part are taken charge of by the supervisor of each part, the second client is the client held by the supervisor of each department. At this time, the first client may send the first identity credential and identity information of the second client to the server, for example, an account name, an account password, a contact address, and other information of the second client that can characterize the identity of the second client.
And S120, under the condition that the first identity certificate passes verification, registering a second identity certificate based on the identity information of the second client, and granting a second right to the second client, wherein the second right comprises the right of managing the use of a second number of terminal devices to the specific software, and the second number is less than or equal to the first number.
Optionally, the first client may send the first identity credential to the server through the login page, and the server verifies the first identity credential. And under the condition that the first identity certificate passes verification, the server side can feed back a registration page to the first client side, and the first client side can send management information such as identity information, the second quantity, a management period and the like of the second client side to the server side through the registration page. The server registers a second identity certificate based on the identity information of the second client, configures the management authority of the second client based on the management information such as a second quantity, a management period and the like, and constructs the association relationship between the first client and the second client.
Alternatively, the second number may be configured to be equal to the first number. For example, the master license grants the first client the usage right of one hundred terminal devices to use the specific software at the same time, and the first client can grant the usage right of the one hundred terminal devices to the specific software to the second client for management.
Alternatively, the second number may be smaller than the first number. For example, the master license grants a first client a usage right of one hundred terminal devices to use the specific software at the same time, and the first client may register two second clients, which respectively grant the usage rights of fifty terminal devices to use the specific software.
S130, the second identity certificate sent by the second client is obtained, and the second identity certificate is verified.
When the terminal device needs to be granted with the use right of the specific software, the second client side can send the second identity certificate to the server side, and the server side verifies the validity of the second identity certificate after receiving the second identity certificate.
Optionally, when the second identity credential includes an account name and an account password, the server may verify whether the account name exists and verify whether the account name and the account password correspond to each other. Optionally, in a case that the second identity credential includes a key, a certificate, and a character string capable of uniquely identifying the identity of the second client, the server may match the key, the certificate, or the character string with the identity credential stored in the database, and the server may also verify the validity of the key, the certificate, or the character string based on a specific algorithm.
As shown in fig. 4, the server may generate a first page associated with the first identity credential and a first address of the first page. Feeding back the first address to the first client; the first address is configured to enable the second client to acquire the first page by using the first address and access the server by using the first page. That is, the first page is actually the landing page for the second client.
Optionally, the server may create one or more first pages associated with the first identity credential specifically for each first client, and the server may also create the first pages associated with each second client belonging to the first client separately for each second client. For example, where a first client has two second clients associated with it, the server may create one first page, which two second clients share in registration with. The server side can also respectively create a first page for the two second clients, respectively generate first addresses used for identifying the first pages, and the two second clients log in through the first pages associated with the two second clients. After the creation of the first page is completed, the server can feed back the first address to the first client. The first client may distribute the first address to the respective second clients.
On this basis, as shown in fig. 3 and fig. 4, step S130 is performed, where the obtaining of the second identity credential sent by the second client and the verifying of the second identity credential may include.
S131, responding to the first address sent by the second client, and feeding back the first page to the second client.
S132, receiving the second identity certificate sent by the second client through the first page, and verifying the second identity certificate.
S133, verifying the second identity credential based on the first identity credential associated with the first page.
Optionally, when the second client needs to log in, the second client may send an access request to the server based on the first address, and when the server receives the access request, the server searches for the first page based on the first address and feeds back the first page to the second client.
The first page may include a login window, and the second client may input a second identity credential, such as an account name and a password, into the login window and send the second identity credential to the server by selecting a login option.
Under the condition that the server side obtains the second identity voucher, the server side can determine the first identity voucher associated with the first page based on the association relation between the first page and the first identity voucher, then determine the second identity voucher which is stored by the server side and associated with the first identity voucher based on the association relation between the first identity voucher and the second identity voucher, and verify the received second identity voucher based on the stored second identity voucher.
Therefore, as long as the first identity certificates used for identifying the first client are different, the second identity certificates of the second-level clients of different organizations can be the same, so that a larger degree of freedom is provided for the organizations to register the second identity certificates of the second-level clients to which the organizations belong, and enterprise management is facilitated.
And S140, under the condition that the second identity certificate passes verification, generating and feeding back an activation code to the second client based on the master license.
Optionally, the server may verify a second authority of the second client based on the second identity credential when the second identity credential passes the verification, and generate the activation code based on the master license, the first identity credential, and the second identity credential when the second authority passes the verification, and feed the activation code back to the second client.
For example, the number of terminal devices managed by the second client and the number of terminal devices for which the second client requests the server to grant the usage right for the specific software are determined. And when the number of the terminal devices which the second client requests the server to grant the use permission to the specific software is smaller than the second number, indicating that the second client can still request the server to grant the use permission to the specific software to the new terminal device within the second permission range. At this time, the server side can call the first identity certificate and the main permission based on the incidence relation between the second identity certificate and the first identity certificate, generate the activation code based on the first identity certificate, the second identity certificate and the main permission, and feed back the activation code to the second client side, so that the second client side forwards the activation code to the terminal device.
Alternatively, the activation code may be used as a credential to grant a non-specific terminal device access to specific software, and the terminal device may activate the specific software installed on the terminal device using the activation code. For example, the activation code may be entered into an activation window for a particular piece of software to activate the particular piece of software.
According to the software licensing method of the embodiment of the application, an organization can license the use authority of the specific software to second clients held by one or more secondary managers according to an internal organization structure, requests to acquire the activation code from the server through the second clients, and distributes the activation code to the managed terminal equipment, so that the corresponding terminal equipment can activate the installed specific software. Therefore, each department can manage the use permission of the specific software through the second client, can integrally coordinate the use permission of the specific software through the first client in the organization level, has higher flexibility and can meet the management requirement of a large enterprise.
In some embodiments, the method further comprises:
s150, receiving an activation code sent by a terminal device and device information used for identifying the terminal device;
and S160, generating and sending a first sub-license to the terminal device based on the main license, the activation code and the device information so as to grant the terminal device the authority to use the specific software.
And after the second client acquires the activation code, the activation code can be distributed to the terminal equipment needing to use the specific software. Alternatively, where the particular software itself has an activation window, the activation code may be entered directly into the activation window. The terminal equipment can send the activation code and the equipment information to the server to request the server to activate the specific software. Optionally, in a case where an application program for activating the specific software is installed on the terminal device, the activation code may also be input into the application program, so that the terminal device sends the activation code and the device information to the server based on the application program.
The device information includes one or more types of information capable of uniquely identifying the terminal device. The device information includes, but is not limited to, a product serial number (SN code), a MAC address, an IP address, and the like. The device information may be actively entered by the user using the input device or may be actively obtained by the particular software or application. When the user selects the activation option, the terminal equipment can send the activation code and the equipment information to the server.
Optionally, the service end acquires the activation code, and may verify the validity of the activation code. In the event that the activation code verification passes, an association between the activation code and the device information may be constructed. The first identity credential, the second identity credential, and the master license may also be obtained based on an association between the activation code and the master license. Then, a first sub-license is generated based on the first identity credential, the second identity credential, the master license, the activation code, and the device information.
Alternatively, the first sub-license may be represented as a data packet. The server, upon acquiring the first identity credential, the second identity credential, the master license, the activation code, and the device information, may assemble a data packet based on one or more of these pieces of information. Then, the data packet is sent to the terminal device, so that the terminal device can start all or part of the use functions of the specific software based on the data packet. A software activation mode with simple and convenient operation is provided for the terminal equipment.
In some embodiments, the method further comprises:
s170, receiving an operation request sent by the second client, where the operation request is used to request to perform a specified operation on the first sub-license, and the operation request includes identification information for identifying the first sub-license;
s180, based on the operation request, executing the specified operation on the first sub-permission.
Optionally, the second client is not limited to requesting the server to grant the usage right of the specific software to the terminal device, and may also request the server to revoke the first sub-license, or change the license duration and/or license content of the first sub-license, that is, the specifying operation may include revoking the first sub-license, or changing the license duration, license content, and the like of the first sub-license.
For example, the second permission of the second client includes management of usage permissions of ten terminal devices for specific software, the second client has requested the server to issue ten first sub-permissions, and if the second client needs to request the server to grant the usage permissions of the specific software to another terminal device, the second client first needs to request the server to revoke one or more issued first sub-permissions. At this time, the second client may send a revoke request to the server to request the server to revoke the specified first sub-license, where the revoke request may include identification information capable of identifying the first sub-license that needs to be revoked. The identification information may include, but is not limited to, a license number, an activation code, or other information that uniquely identifies the first sub-license.
For example, when the license period of a first sub-license is about to expire, the second client may send a change request to the server to request the server to change the license period of the first sub-license. Or, when a certain terminal device needs to obtain more use functions of specific software, the second client may send a change request to the server to request the server to change the license content of the corresponding first sub-license.
Optionally, before or after the server acquires the operation request, the server may require the second client to provide the second identity credential and verify the second identity credential provided by the second client. And if the second identity certificate passes the verification, the server side can execute a revocation operation or a change operation and the like on the corresponding first sub-permission based on the operation request. Therefore, the management authority of the second client can be expanded, and the management flexibility is improved.
In some embodiments, the method further comprises: and S190, receiving an inquiry request sent by the terminal device, wherein the inquiry request is used for requesting to inquire the permission state of the first sub-permission.
Optionally, the permission status of the first sub-permission may include a valid status, a to-be-updated status, and an invalid status.
The valid state indicates that the first sub-license has not expired and has not been actively revoked, and the license content of the first sub-license has not changed, the terminal device can normally use the specific software based on the first sub-license. If the server determines that the first sub-license is in the valid state, the server may feed back first response information to the terminal device to notify the terminal device that the first sub-license is in the valid state, and the terminal device does not perform any operation on the saved first sub-license.
The license period or license contents whose status to be updated is the first sub-license is changed. For example, the license terms are extended, the license rights are increased, or other licensed content is changed. The change may be caused by the second client actively sending an operation request to the server, or may be triggered by a software developer. For example, when a software developer updates a software version and expands the use function of software, the first sub-license needs to be updated so that the terminal device can start a new use function. If the server determines that the first sub-license is in a to-be-updated state, the updated second sub-license can be sent to the terminal device, so that the terminal device replaces the first sub-license through the second sub-license. Optionally, the server may generate the second sub-license already before receiving the query request, or may generate the second sub-license after receiving the query request and determining that the first sub-license is in the to-be-updated state. However, when it is determined that the first sub-license is in the to-be-updated state, the updated second sub-license may be transmitted to the terminal device.
The invalid state indicates that the first sub-license has been invalidated and that the terminal device no longer has usage rights for the specific software. The first sub-license may be expired due to the license expiration, or may be due to the second client actively sending a revocation request to the server, or the server actively revokes the first sub-license based on a usage rule agreed with the first client or the second client in advance. Of course, the failure of the first sub-license may be due to other reasons as well. And if the server determines that the first sub-license is in an invalid state, feeding back second response information to the terminal equipment to instruct the terminal equipment to delete the held first sub-license, and accordingly, the specific software can lose the corresponding use function.
The second embodiment of the application provides a software licensing method, which is applied to a server. Fig. 5 is a flowchart of a software licensing method according to a second embodiment of the present application, and referring to fig. 5, the software licensing method may specifically include the following steps.
S210, responding to the second identity certificate sent by the second client, and verifying the second identity certificate.
The first client may be a primary client of an organization and the second client may be a secondary client of the organization. The organization may be a corporate organization or an illegal organization, and the organization type is not limited herein. The first client has a first identity credential capable of uniquely identifying its identity. Optionally, the first identity credential includes, but is not limited to, a key, a certificate, or a code or string that can uniquely identify the first client, or the first identity credential may also include an account name and a password.
The first client further has a master license for granting a first right to the first client, the first right including usage rights of a first number of terminal devices to specific software. That is, the organization is granted a usage right to use a first number of terminal devices simultaneously with a particular software through the master license. The master license may include information related to the name of the software, the number of the software, the term of the license, the number of licenses (i.e., the first number), the first identity credential, and so on.
Optionally, the first identity certificate and the main license may be registered or issued by a software developer, or registered or issued by a service provider providing a software license service, as long as the service provider stores the first identity certificate and the main license in association. For example, when the first client logs in for the first time, identity information such as name, address, contact information and the like can be sent to the server. And generating a first identity certificate by the server side based on the identity information of the first client side. When a first client side wants to obtain the use right of software, a software license request can be sent to a server side, the software license request interacts with the server side to determine license information such as license period, license amount and license cost, and the server side can issue a main license to the first client side based on the license information. The first identity credential may be generated prior to or together with the master license. Taking the master license as a data packet and the first identity credential as a key, the key may be generated together with the generation of the data packet.
The second client has a second identity credential that uniquely identifies the identity of the second client. The second identity credential may include an account name and an account password, the second identity credential also containing a key, a certificate, and a string that is capable of uniquely identifying the identity of the second client.
When the terminal equipment needs to be granted with the use right of the specific software, the second client side can send the second identity certificate to the server side, and the server side verifies the validity of the second identity certificate after receiving the second identity certificate.
Optionally, when the second identity credential includes an account name and an account password, the server may verify whether the account name exists and verify whether the account name and the account password correspond to each other. Optionally, in a case that the second identity credential includes a key, a certificate, and a character string capable of uniquely identifying the identity of the second client, the server may match the key, the certificate, or the character string with the identity credential stored in the database, and the server may also verify the validity of the key, the certificate, or the character string based on a specific algorithm.
Optionally, the server may generate a first page associated with the first identity credential and a first address of the first page. Feeding back the first address to the first client; the first address is configured to enable the second client to acquire the first page by using the first address and access the server by using the first page. That is, the first page is actually the landing page for the second client.
Optionally, the server may create one or more first pages associated with the first identity credential specifically for each first client, and the server may also create the first pages associated with each second client belonging to the first client separately for each second client. For example, where a first client has two second clients associated with it, the server may create one first page, which two second clients share in login. The server side can also respectively create a first page for the two second clients, respectively generate first addresses used for identifying the first pages, and the two second clients log in through the first pages associated with the two second clients. After the server side completes the creation of the first page, the first address can be fed back to the first client side. The first client may distribute the first address to the respective second clients.
On this basis, step S210, the verifying the second identity credential, in response to receiving the second identity credential sent by the second client, may include.
S211, responding to the first address sent by the second client, and feeding back the first page to the second client.
S212, receiving the second identity certificate sent by the second client through the first page, and verifying the second identity certificate.
S213, verifying the second identity credential based on the first identity credential associated with the first page.
Optionally, when the second client needs to log in, the second client may send an access request to the server based on the first address, and when the server receives the access request, the server searches for the first page based on the first address and feeds back the first page to the second client.
The first page can comprise a login window, the second client can input a second identity certificate such as an account name and a password into the login window, and the second identity certificate is sent to the server by selecting a login option.
Under the condition that the server side obtains the second identity certificate, the server side can determine the first identity certificate associated with the first page based on the association relation between the first page and the first identity certificate, then determine the second identity certificate associated with the first identity certificate and stored by the server side based on the association relation between the first identity certificate and the second identity certificate, and verify the received second identity certificate based on the stored second identity certificate.
Therefore, as long as the first identity certificates used for identifying the first client are different, the second identity certificates of the second-level clients of different organizations can be the same, so that a larger degree of freedom is provided for the organizations to register the second identity certificates of the second-level clients to which the organizations belong, and enterprise management is facilitated.
S220, under the condition that the second identity certificate passes verification, an activation code is generated and fed back to the second client side based on the master license; the activation code is used for activating specific software installed on the terminal equipment.
Optionally, the server may verify a second authority of the second client based on the second identity credential when the second identity credential passes the verification, and generate the activation code based on the master license, the first identity credential, and the second identity credential when the second authority passes the verification, and feed the activation code back to the second client.
For example, the number of terminal devices managed by the second client and the number of terminal devices for which the second client requests the server to authorize the usage right for the specific software are determined. And under the condition that the number of the terminal devices of which the second client requests the server to grant the use permission for the specific software is less than the second number, indicating that the second client can still request the server to grant the use permission for the specific software to the new terminal device within the second permission range. At this time, the server side can call the first identity certificate and the main permission based on the incidence relation between the second identity certificate and the first identity certificate, generate the activation code based on the first identity certificate, the second identity certificate and the main permission, and feed back the activation code to the second client side, so that the second client side forwards the activation code to the terminal device.
Alternatively, the activation code may be used as a credential to grant a non-specific terminal device access to specific software, and the terminal device may activate the specific software installed on the terminal device using the activation code. For example, the activation code may be entered into an activation window of a particular software to activate the particular software.
According to the software licensing method of the embodiment of the application, an organization can license the use authority of the specific software to second clients held by one or more secondary managers according to an internal organization structure, requests to acquire the activation code from the server through the second clients, and distributes the activation code to the managed terminal equipment, so that the corresponding terminal equipment can activate the installed specific software. Therefore, each department can manage the use permission of the specific software through the second client, and can integrally coordinate the use permission of the specific software through the first client in an organizational level, so that the method has higher flexibility and can meet the management requirements of large enterprises.
In some embodiments, the method further comprises:
receiving an activation code sent by a terminal device and device information used for identifying the terminal device;
and generating and sending a first sub-license to the terminal device based on the main license, the activation code and the device information so as to grant the terminal device the use right of the specific software.
In some embodiments, the method further comprises:
receiving the first identity certificate sent by the first client and identity information of at least one second client;
and under the condition that the first identity certificate passes verification, registering the second identity certificate based on the identity information of the second client, and granting the second authority to the second client.
A third embodiment of the present application provides a software licensing method, which is applied to a second client, and fig. 6 is a flowchart of the software licensing method according to the third embodiment of the present application, and referring to fig. 6, the software licensing method may specifically include the following steps.
S310, sending a second identity certificate for uniquely identifying the identity of the second client to the server.
The first client may be a primary client of an organization and the second client may be a secondary client of the organization. The organization may be a corporate organization or an illegal organization, and the organization type is not limited herein. The first client has a first identity credential capable of uniquely identifying its identity. Optionally, the first identity credential includes, but is not limited to, a key, a certificate, or a code or string that can uniquely identify the first client, or the first identity credential may also include an account name and a password.
The first client further has a master license for granting a first right to the first client, the first right including usage rights of a first number of terminal devices to specific software. That is, the organization is granted a usage right to use a first number of terminal devices simultaneously with a specific software through the master license. The master license may include information related to the name of the software, the number of the software, the license period, the number of licenses (i.e., the first number), the first identity credential, and so on.
Optionally, the first identity certificate and the main license may be registered or issued by a software developer, or registered or issued by a service provider providing a software license service, as long as the service provider stores the first identity certificate and the main license in association. For example, when the first client logs in for the first time, identity information such as name, address, contact information and the like can be sent to the server. Generating, by the server, a first identity credential based on the identity information of the first client. When a first client wishes to obtain the use right of software, a software license request can be sent to a server and interacts with the server to determine license information such as license period, license quantity, license cost and the like, and the server can issue a main license to the first client based on the license information. The first identity credential may be generated prior to or in addition to the generation of the master license. Taking the master license as a data packet and the first identity credential as a key, the key may be generated together with the generation of the data packet.
The second client has a second identity credential that uniquely identifies the identity of the second client. The second identity credential may include an account name and an account password, the second identity credential also containing a key, a certificate, and a string that is capable of uniquely identifying the identity of the second client.
When the terminal device needs to be granted with the use right of the specific software, the second client side can send the second identity certificate to the server side, and the server side verifies the validity of the second identity certificate after receiving the second identity certificate.
Optionally, when the second identity credential includes an account name and an account password, the server may verify whether the account name exists and verify whether the account name and the account password correspond to each other. Optionally, in a case that the second identity credential includes a key, a certificate, and a character string capable of uniquely identifying the identity of the second client, the server may match the key, the certificate, or the character string with the identity credential stored in the database, and the server may also verify the validity of the key, the certificate, or the character string based on a specific algorithm.
Optionally, the server may generate a first page associated with the first identity credential and a first address of the first page. Feeding back the first address to the first client; the first address is configured to enable the second client to acquire the first page by using the first address and access the server by using the first page. That is, the first page is actually the landing page for the second client.
Optionally, the server may create one or more first pages associated with the first identity credential for each first client, and the server may also create the first pages associated with each second client belonging to the first client, respectively. For example, where a first client has two second clients associated with it, the server may create one first page, which two second clients share in registration with. The server side can also respectively create a first page for the two second clients, respectively generate first addresses used for identifying the first pages, and the two second clients log in through the first pages associated with the two second clients. After the creation of the first page is completed, the server can feed back the first address to the first client. The first client may distribute the first address to the respective second clients.
When the use right of the specific software needs to be granted to the terminal device, an access request can be sent to the server based on the first address, and when the server receives the access request, the first page is searched based on the first address, and the first page is fed back to the second client.
The first page may include a login window, and the second client may input a second identity credential, such as an account name and a password, into the login window and send the second identity credential to the server by selecting a login option.
Under the condition that the server side obtains the second identity voucher, the server side can determine the first identity voucher associated with the first page based on the association relation between the first page and the first identity voucher, then determine the second identity voucher which is stored by the server side and associated with the first identity voucher based on the association relation between the first identity voucher and the second identity voucher, and verify the received second identity voucher based on the stored second identity voucher.
Therefore, as long as the first identity certificates used for identifying the first client are different, the second identity certificates of the second-level clients of different organizations can be the same, so that a larger degree of freedom is provided for the organizations to register the second identity certificates of the second-level clients to which the organizations belong, and enterprise management is facilitated.
S320, receiving an activation code fed back by the server side under the condition that the second identity certificate passes verification; wherein the activation code is associated with the master license for activating the specific software installed on the terminal device.
Optionally, the server may verify a second authority of the second client based on the second identity credential when the second identity credential passes the verification, and generate the activation code based on the master license, the first identity credential, and the second identity credential when the second authority passes the verification, and feed the activation code back to the second client.
For example, the number of terminal devices managed by the second client and the number of terminal devices for which the second client requests the server to authorize the usage right for the specific software are determined. And when the number of the terminal devices which the second client requests the server to grant the use permission to the specific software is smaller than the second number, indicating that the second client can still request the server to grant the use permission to the specific software to the new terminal device within the second permission range. At this time, the server may invoke the first identity credential and the master license based on the association relationship between the second identity credential and the first identity credential, generate an activation code based on the first identity credential, the second identity credential, and the master license, and feed the activation code back to the second client, so that the second client forwards the activation code to the terminal device.
Alternatively, the activation code may be used as a credential to grant a non-specific terminal device access to specific software, and the terminal device may activate the specific software installed on the terminal device using the activation code. For example, the activation code may be entered into an activation window of a particular software to activate the particular software.
According to the software licensing method of the embodiment of the application, an organization can license the use authority of the specific software to second clients held by one or more secondary managers according to an internal organization structure, requests to acquire the activation code from the server through the second clients, and distributes the activation code to the managed terminal equipment, so that the corresponding terminal equipment can activate the installed specific software. Therefore, each department can manage the use permission of the specific software through the second client, and can integrally coordinate the use permission of the specific software through the first client in an organizational level, so that the method has higher flexibility and can meet the management requirements of large enterprises.
Referring to fig. 7, a fourth embodiment of the present application provides an electronic device, which at least includes a memory 401 and a processor 402, where the memory 401 stores a program, and the processor 402 implements the method according to any one of the above embodiments when executing the program on the memory 401.
When the electronic device implements the methods described in the first and second embodiments, the electronic device actually serves as a server. When the electronic device implements the method according to the third embodiment, the electronic device actually acts as the second client.
When the method described in the first embodiment is implemented when the computer executable instructions in the computer readable storage medium are executed, the computer readable storage medium actually serves as a storage medium of the server. When the method of the second embodiment is implemented when the computer executable instructions in the computer readable storage medium are executed, the computer readable storage medium actually serves as a storage medium of the first client. When the method according to the third embodiment is implemented when the computer-executable instructions in the computer-readable storage medium are executed, the computer-readable storage medium actually serves as a storage medium of the second client.
As will be appreciated by one of skill in the art, embodiments of the present application may be provided as a method, electronic device, computer-readable storage medium, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media having computer-usable program code embodied in the medium. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The processor may be a general purpose processor, a digital signal processor, an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof. A general purpose processor may be a microprocessor or any conventional processor or the like.
The memory may include volatile memory in a computer readable medium, random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
The readable storage medium may be a magnetic disk, an optical disk, a DVD, a USB, a Read Only Memory (ROM), a Random Access Memory (RAM), etc., and the application does not limit the specific storage medium form.
The above embodiments are only exemplary embodiments of the present application, and are not intended to limit the present application, and the protection scope of the present application is defined by the claims. Various modifications and equivalents may be made by those skilled in the art within the spirit and scope of the present application and such modifications and equivalents should also be considered to be within the scope of the present application.
Claims (11)
1. A software licensing method is applied to a server side, and comprises the following steps:
receiving a first identity certificate sent by a first client and identity information of at least one second client; the first identity certificate is used for uniquely identifying the first client, the first client has a main permission, the main permission is used for granting a first permission to the first client, and the first permission comprises the use permission of a first number of terminal devices to specific software;
under the condition that the first identity certificate passes verification, registering a second identity certificate based on identity information of a second client, and granting a second right to the second client, wherein the second right comprises the use right of managing a second number of terminal devices to the specific software, and the second number is smaller than or equal to the first number;
acquiring the second identity certificate sent by the second client, and verifying the second identity certificate;
if the second identity certificate passes verification, an activation code is generated and fed back to the second client based on the master license; the activation code is used for activating specific software installed on the terminal equipment;
wherein the method further comprises:
generating a first page associated with the first identity credential and a first address of the first page;
feeding back the first address to the first client; the first address is configured to enable the second client to acquire the first page by using the first address and access the server by using the first page;
wherein the obtaining the second identity credential sent by the second client and verifying the second identity credential comprises:
feeding back the first page to the second client in response to receiving the first address sent by the second client;
receiving the second identity certificate sent by the second client through the first page, and verifying the second identity certificate;
verifying the second identity credential based on a first identity credential associated with the first page.
2. The method of claim 1, further comprising:
receiving an activation code sent by a terminal device and device information used for identifying the terminal device;
and generating and sending a first sub-license to the terminal device based on the main license, the activation code and the device information so as to grant the terminal device the authority to use the specific software.
3. The method of claim 2, further comprising:
receiving an inquiry request sent by the terminal equipment, wherein the inquiry request is used for requesting to inquire the permission state of the first sub-permission;
and under the condition that the first sub-license is determined to be in the valid state, feeding back first response information to the terminal equipment to inform the terminal equipment that the first sub-license is in the valid state.
4. The method of claim 2, further comprising:
receiving an inquiry request sent by the terminal equipment, wherein the inquiry request is used for requesting to inquire the permission state of the first sub-permission;
and under the condition that the first sub-license is determined to be in the state to be updated, generating a second sub-license, and sending the second sub-license to the terminal equipment so that the terminal equipment replaces the first sub-license by the second sub-license.
5. The method of claim 2, further comprising:
receiving an inquiry request sent by the terminal equipment, wherein the inquiry request is used for requesting to inquire the permission state of the first sub-permission;
and under the condition that the first sub-license is determined to be in an invalid state, feeding back second response information to the terminal equipment to indicate the terminal equipment to delete the held first sub-license.
6. The method of claim 2, further comprising:
receiving an operation request sent by the second client, wherein the operation request is used for requesting to execute a specified operation on the first sub-license, and the operation request contains identification information for identifying the first sub-license;
performing the specified operation on the first sub-license based on the operation request.
7. A software licensing method is applied to a server side, and comprises the following steps:
in response to receiving a second identity credential sent by a second client, verifying the second identity credential; wherein the second identity credential is used for proving the identity of the second client, the second identity credential is associated with a first identity credential of a first client, the first client has a master license, the master license is used for granting a first right to the first client, the first right comprises the use right of a first number of terminal devices to specific software, the second client has a second right, the second right comprises the use right of a second number of terminal devices to the specific software, and the second number is less than or equal to the first number;
if the second identity certificate passes verification, an activation code is generated and fed back to the second client based on the master license; the activation code is used for activating specific software installed on the terminal equipment;
wherein the method further comprises:
generating a first page associated with the first identity credential and a first address of the first page;
feeding back the first address to the first client; the first address is configured to enable the second client to acquire the first page by using the first address and access the server by using the first page;
wherein the obtaining the second identity credential sent by the second client and verifying the second identity credential comprises:
feeding back the first page to the second client in response to receiving the first address sent by the second client;
receiving the second identity certificate sent by the second client through the first page, and verifying the second identity certificate;
verifying the second identity credential based on a first identity credential associated with the first page.
8. The method of claim 7, further comprising:
receiving an activation code sent by a terminal device and device information used for identifying the terminal device;
and generating and sending a first sub-license to the terminal equipment based on the main license, the activation code and the equipment information so as to grant the use right of the terminal equipment to the specific software.
9. The method of claim 7, further comprising:
receiving the first identity certificate sent by the first client and identity information of at least one second client;
and under the condition that the first identity certificate passes verification, registering the second identity certificate based on the identity information of the second client, and granting the second authority to the second client.
10. A software licensing method, applied to a second client, comprising:
sending a second identity certificate for uniquely identifying the identity of the second client to a server; wherein the second identity credential is associated with a first identity credential of a first client, the first client having a master license for granting a first right to the first client, the first right comprising usage rights of a first number of terminal devices to a specific software, the second client having a second right comprising usage rights of a second number of terminal devices to the specific software, the second number being less than or equal to the first number;
receiving an activation code fed back by the server under the condition that the second identity certificate passes verification; wherein the activation code is associated with the master license for activating specific software installed on the terminal device;
wherein the sending a second identity credential to the server for uniquely identifying the identity of the second client comprises:
sending an access request to the server based on the first address;
receiving a first page corresponding to the first address fed back by the server; the first page is a page which is created by the server and is associated with the first identity certificate;
and sending the second identity certificate to the server side based on the first page.
11. An electronic device comprising at least a memory and a processor, the memory having a program stored thereon, wherein the processor, when executing the program on the memory, implements the method of any of claims 1-6, the method of any of claims 7-9, or the method of claim 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111650393.7A CN114266017B (en) | 2021-12-30 | 2021-12-30 | Software licensing method and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111650393.7A CN114266017B (en) | 2021-12-30 | 2021-12-30 | Software licensing method and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114266017A CN114266017A (en) | 2022-04-01 |
| CN114266017B true CN114266017B (en) | 2022-11-01 |
Family
ID=80831755
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111650393.7A Active CN114266017B (en) | 2021-12-30 | 2021-12-30 | Software licensing method and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114266017B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103347090A (en) * | 2013-07-17 | 2013-10-09 | 成都盈锐科技有限公司 | Software license management system based on enterprise network |
| CN103838987A (en) * | 2013-06-24 | 2014-06-04 | 电子科技大学 | Software license dynamic authorization management method based on local area network |
| CN107885980A (en) * | 2017-12-06 | 2018-04-06 | 武汉万创科技有限公司 | A kind of method of managing software and system |
| CN108574593A (en) * | 2017-03-13 | 2018-09-25 | 华为技术有限公司 | The management system of licensing in a kind of NFV networks |
| CN109743194A (en) * | 2018-12-10 | 2019-05-10 | 中国联合网络通信集团有限公司 | A kind of License Management method and device |
| CN109922076A (en) * | 2019-03-27 | 2019-06-21 | 北京深思数盾科技股份有限公司 | Safety communicating method and authorization platform in a kind of soft-lock admission process |
| CN111625778A (en) * | 2020-04-14 | 2020-09-04 | 华帝股份有限公司 | Method and system for distributing and recovering software license |
| EP3786819A1 (en) * | 2019-08-30 | 2021-03-03 | Mobilise Consulting Ltd | Software license distribution |
| CN113553552A (en) * | 2020-04-23 | 2021-10-26 | 丁爱民 | License management and control method and system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8805743B2 (en) * | 2006-12-27 | 2014-08-12 | International Business Machines Corporation | Tracking, distribution and management of apportionable licenses granted for distributed software products |
| US9361433B2 (en) * | 2012-08-03 | 2016-06-07 | Synchronoss Technologies, Inc | Enterprise leasing license algorithm |
| US20160292686A1 (en) * | 2015-03-31 | 2016-10-06 | Prasanna Laxminarayanan | Authentication systems and methods for credential activation and provisioning |
| CN111353903B (en) * | 2020-02-26 | 2021-07-06 | 广东工业大学 | Network identity protection method and device, electronic equipment and storage medium |
-
2021
- 2021-12-30 CN CN202111650393.7A patent/CN114266017B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103838987A (en) * | 2013-06-24 | 2014-06-04 | 电子科技大学 | Software license dynamic authorization management method based on local area network |
| CN103347090A (en) * | 2013-07-17 | 2013-10-09 | 成都盈锐科技有限公司 | Software license management system based on enterprise network |
| CN108574593A (en) * | 2017-03-13 | 2018-09-25 | 华为技术有限公司 | The management system of licensing in a kind of NFV networks |
| CN107885980A (en) * | 2017-12-06 | 2018-04-06 | 武汉万创科技有限公司 | A kind of method of managing software and system |
| CN109743194A (en) * | 2018-12-10 | 2019-05-10 | 中国联合网络通信集团有限公司 | A kind of License Management method and device |
| CN109922076A (en) * | 2019-03-27 | 2019-06-21 | 北京深思数盾科技股份有限公司 | Safety communicating method and authorization platform in a kind of soft-lock admission process |
| EP3786819A1 (en) * | 2019-08-30 | 2021-03-03 | Mobilise Consulting Ltd | Software license distribution |
| CN111625778A (en) * | 2020-04-14 | 2020-09-04 | 华帝股份有限公司 | Method and system for distributing and recovering software license |
| CN113553552A (en) * | 2020-04-23 | 2021-10-26 | 丁爱民 | License management and control method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114266017A (en) | 2022-04-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11475137B2 (en) | Distributed data storage by means of authorisation token | |
| US7073195B2 (en) | Controlled access to credential information of delegators in delegation relationships | |
| KR100765774B1 (en) | Method and apparatus for managing domain | |
| JP4410324B2 (en) | Qualification management method and apparatus | |
| US8769642B1 (en) | Techniques for delegation of access privileges | |
| US8635679B2 (en) | Networked identity framework | |
| CN110417863B (en) | Method and device for generating identity identification code and method and device for authenticating identity | |
| Woo et al. | A framework for distributed authorization | |
| US8060464B2 (en) | Data-centric distributed computing | |
| KR20120017035A (en) | Interaction model to migrate states and data | |
| CN110602088A (en) | Block chain-based right management method, block chain-based right management device, block chain-based right management equipment and block chain-based right management medium | |
| US8312262B2 (en) | Management of signing privileges for a cryptographic signing service | |
| US20130144633A1 (en) | Enforcement and assignment of usage rights | |
| US20110083177A1 (en) | Software license management | |
| KR20080019362A (en) | Substitutable local domain management system and method for substituting the system | |
| US20020099668A1 (en) | Efficient revocation of registration authorities | |
| US20210144138A1 (en) | Authority transfer system, server and method of controlling the server, and storage medium | |
| JP2019525317A (en) | Authority revocation method and device | |
| US20080127332A1 (en) | Information processing system, electronic authorization information issuing device, electronic information utilizing device, right issuing device, recording medium storing electronic authorization information issuing program, electronic information utilizing program and right issuing program, and information processing method | |
| CN114266017B (en) | Software licensing method and electronic equipment | |
| US11522863B2 (en) | Method and system for managing resource access permissions within a computing environment | |
| CN114491418A (en) | Software licensing method and electronic equipment | |
| JP2008090701A (en) | Authentication access control system and add-in module to be used therefor | |
| Kuo et al. | Dynamically authorized role-based access control for secure distributed computation | |
| JP2019200515A (en) | Information processing apparatus, information processing method, and computer program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Applicant after: Beijing Shendun Technology Co.,Ltd. Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Applicant before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |