CN114491423A - Software use authorization protection method - Google Patents
Software use authorization protection method Download PDFInfo
- Publication number
- CN114491423A CN114491423A CN202210125541.1A CN202210125541A CN114491423A CN 114491423 A CN114491423 A CN 114491423A CN 202210125541 A CN202210125541 A CN 202210125541A CN 114491423 A CN114491423 A CN 114491423A
- Authority
- CN
- China
- Prior art keywords
- authorization
- software
- generating
- authorization file
- value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 88
- 238000000034 method Methods 0.000 title claims abstract description 27
- 238000004364 calculation method Methods 0.000 claims description 2
- 230000008569 process Effects 0.000 description 6
- 230000008901 benefit Effects 0.000 description 5
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 239000011159 matrix material Substances 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a software use authorization protection method, which comprises the following steps: s1, generating a machine code, and determining the uniqueness of the standard software installation machine through the machine code; s2, generating a software XML authorization file template, and generating and acquiring the software XML authorization file template through the configuration of a management platform; s3, signature value generation, namely generating a unique value of the machine code character string through a secure hash algorithm, then operating the unique value through an RSA algorithm to generate a signed value, and encoding the signed value through base64 encoding to generate a signature value; s4, based on the plaintext content of the authorization file template generated by S2 and S3, encrypting the content by an AES algorithm through a preset fixed password to generate a ciphertext authorization file; and S5, generating a final authorization file after the authorization file is decoded and authorized. The invention solves the problems of frequent embezzlement of the existing software, loss and safety risk.
Description
Technical Field
The invention relates to the technical field of software protection, in particular to a software use authorization protection method.
Background
With the development of network technology, software piracy and software embezzlement are more and more frequent, so that the income of a company is damaged, and potential safety hazards exist. In order to protect that the software of a company can be correctly installed but cannot be used under the condition that the software is not authorized by an authorization platform after being stolen unintentionally or intentionally, the software can be normally used only after an authorization file (license file) generated after the software is installed on a terminal (computer) is authorized by the authorization platform in the company, so that the software is well protected from being stolen or illegally used, the benefit of the company is well protected from being lost, the company resources are not leaked, the correct use of the company software is well protected, and the image and the credit of the company can be maintained from the side.
Disclosure of Invention
Therefore, the invention provides a software use authorization protection method to solve the problems of frequent software embezzlement, loss and security risk.
In order to achieve the above purpose, the invention provides the following technical scheme:
the invention discloses a software use authorization protection method, which comprises the following steps:
s1, generating a machine code, and determining the uniqueness of the standard software installation machine through the machine code;
s2, generating a software XML authorization file template, and generating and acquiring the software XML authorization file template through the configuration of a management platform;
s3, signature value generation, namely generating a unique value of the machine code character string through a secure hash algorithm, then operating the unique value through an RSA algorithm to generate a signed value, and encoding the signed value through base64 encoding to generate a signature value;
s4, based on the plaintext content of the authorization file template generated by S2 and S3, encrypting the content by an AES algorithm through a preset fixed password to generate a ciphertext authorization file;
and S5, generating a final authorization file after the authorization file is decoded and authorized.
Further, in the step S1, the machine code includes a CPU code ID, a hard disk serial number, and a network card mac address.
Further, in the step S2, the XML authorization file template includes a software version number, a software authorization point number, a software authorization start time, a software authorization end time, and a signature value.
Further, the signature value needs to be calculated and acquired, and the software version number, the software authorization point number, the software authorization starting time and the software authorization ending time are acquired through management platform configuration.
Further, in the step S4, the plaintext content of the authorization file template is generated according to the ciphertext signature value, the software authorization point number, the software authorization start time, the software authorization end time, and the software version number.
Further, in the step S5, the authorization file is uploaded to the authorization platform, and the authorization platform performs decoding authorization on the above process through reverse decoding, so as to generate a final authorization file.
Further, after the final authorization file is installed at the software end, the software function is unlocked and can be normally used, and the authorization platform is fed back to confirm that the authorization is successful.
The invention has the following advantages:
the invention discloses a software use authorization protection method, which comprises the steps of generating an authorization file, firstly generating a machine code, an authorization file template and a signature value, carrying out encryption processing by an AES algorithm through the plaintext content of the authorization file template to generate a ciphertext authorization file, uploading the authorization file to an authorization platform in a use stage, and carrying out decoding authorization on the processes through reverse decoding to generate a final authorization file; enabling authorized use of the software. The software is protected from being stolen or illegally used, the benefits of the company are better protected from being lost, the company resources are not leaked, the correct use of the company software is well protected, and the safety risk of the software is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
The structures, the proportions, the sizes, and the like shown in the specification are only used for matching with the contents disclosed in the specification, so that those skilled in the art can understand and read the present invention, and do not limit the conditions for implementing the present invention, so that the present invention has no technical essence, and any modifications of the structures, changes of the proportion relation, or adjustments of the sizes, should still fall within the scope of the technical contents disclosed in the present invention without affecting the efficacy and the achievable purpose of the present invention.
Fig. 1 is a flowchart of a method for protecting software usage authorization according to an embodiment of the present invention;
FIG. 2 is a flow chart of an AES algorithm provided by an embodiment of the invention;
Detailed Description
The present invention is described in terms of particular embodiments, other advantages and features of the invention will become apparent to those skilled in the art from the following disclosure, and it is to be understood that the described embodiments are merely exemplary of the invention and that it is not intended to limit the invention to the particular embodiments disclosed. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Examples
Referring to fig. 1, the present embodiment discloses a software use authorization protection method, where the method includes:
s1, generating a machine code, and determining the uniqueness of the standard software installation machine through the machine code;
s2, generating a software XML authorization file template, and generating and acquiring the software XML authorization file template through the configuration of a management platform;
s3, signature value generation, namely generating a unique value of the machine code character string through a secure hash algorithm, then operating the unique value through an RSA algorithm to generate a signed value, and encoding the signed value through base64 encoding to generate a signature value;
s4, based on the plaintext content of the authorization file template generated by S2 and S3, encrypting the content by an AES algorithm through a preset fixed password to generate a ciphertext authorization file;
and S5, generating a final authorization file after the authorization file is decoded and authorized.
In step S1, the machine code includes a CPU code ID, a hard disk serial number, and a network card mac address, so as to determine the uniqueness of the machine code and avoid duplication or collision.
And generating a signature value after the machine code is generated, wherein in the step S2, the XML authorization file template comprises a software version number, software authorization points, software authorization starting time, software authorization ending time and a signature value. The signature value needs to be calculated and acquired, and the software version number, the software authorization point number, the software authorization starting time and the software authorization ending time are generated and acquired through management platform configuration.
In the process of generating the signature value, the machine code character string is firstly generated into a unique value through a secure hash algorithm, then the unique value is operated through an RSA algorithm to generate a signed value, and the signed value is encoded through base64 encoding to generate the signature value. Secure Hash Algorithm (SHA) is a commonly used data encryption algorithm. It was published by the National Institute of Standards and Technology (NIST) as the federal information processing standard in 1993 (i.e., the first SHA algorithm SHA-0). In 1995, its improved version SHA-1 was also promulgated (SHA-1 has higher security than SHA-0). The SHA-1 algorithm is currently the most commonly used secure hash algorithm and the most advanced encryption technique. The idea of the SHA-1 algorithm is to receive a piece of plaintext and then convert it into a (usually smaller) piece of ciphertext in an irreversible manner, which can also be simply understood as a process of taking a string of input codes and converting them into a short, fixed-bit-length output sequence, i.e. a hash value (called a message digest). The algorithm produces a 160-bit message digest output for messages of length no more than 2 to the power of 64, and the input is processed in 512-bit packets. The SHA-1 algorithm plays an extremely important role in cryptography, and can be used for realizing functions of data confidentiality, data change prevention, identity authentication and the like. A typical application is to extract hash values (called message digests) from data such as digital messages, IP packets, disk files, etc., and to perform authentication and integrity checks on the original data together with symmetric or asymmetric encryption techniques.
After the signature value is generated, a machine unique value is generated after SHA256 operation, the machine unique value is generated after RSA algorithm calculation, and the signed value is encoded through base64 to generate the signature value of the ciphertext.
Generating plaintext authorization file content by using the ciphertext signature value, the software authorization point number, the software authorization starting time, the software authorization ending time and the software version number, and generating ciphertext authorization file content by using a fixed password and performing AES algorithm operation.
The AES encryption algorithm involves 4 operations: byte substitution (SubBytes), row shifting (ShiftRows), column obfuscation (MixColumns), and round key addition (AddRoundKey). Fig. 2 shows the flow of AES encryption and decryption, and it can be seen from fig. 2 that: 1) each step of the decryption algorithm respectively corresponds to the inverse operation of the encryption algorithm, and 2) the sequence of all the operations of encryption and decryption is just opposite. It is because of these points (and the operational reversal of each step of the encryption algorithm and the decryption algorithm) that the correctness of the algorithm is guaranteed. And the key of each round in encryption and decryption is obtained by a seed key through a key expansion algorithm. The 16 bytes of plaintext, ciphertext and round keys in the algorithm are all represented by a 4x4 matrix.
The authorization file is uploaded to an authorization platform, decoding authorization is carried out on the processes through reverse decoding, and a final authorization file is generated; after the final authorization file is installed at the software end, the software function is unlocked, normal use can be carried out, the authorization platform is fed back, and the success of authorization is confirmed. The legal authorization of the software is realized, and the safety is ensured.
The software use authorization protection method disclosed by the embodiment generates an authorization file, generates a machine code, an authorization file template and a signature value, encrypts the authorization file by an AES algorithm through the plaintext content of the authorization file template to generate a ciphertext authorization file, uploads the authorization file to an authorization platform in a use stage, and decodes and authorizes the processes through reverse decoding to generate a final authorization file; enabling authorized use of the software. The software is protected from being stolen or illegally used, the benefits of the company are better protected from being lost, the company resources are not leaked, the correct use of the company software is well protected, and the safety risk of the software is reduced.
Although the invention has been described in detail above with reference to a general description and specific examples, it will be apparent to one skilled in the art that modifications or improvements may be made thereto based on the invention. Accordingly, such modifications and improvements are intended to be within the scope of the invention as claimed.
Claims (7)
1. A software use authorization protection method is characterized in that the method comprises the following steps:
s1, generating a machine code, and determining the uniqueness of the standard software installation machine through the machine code;
s2, generating a software XML authorization file template, and generating and acquiring the software XML authorization file template through the configuration of a management platform;
s3, signature value generation, namely generating a unique value of the machine code character string through a secure hash algorithm, then operating the unique value through an RSA algorithm to generate a signed value, and encoding the signed value through base64 encoding to generate a signature value;
s4, based on the plaintext content of the authorization file template generated by S2 and S3, encrypting the content by an AES algorithm through a preset fixed password to generate a ciphertext authorization file;
and S5, generating a final authorization file after the authorization file is decoded and authorized.
2. The method for protecting authority of software use according to claim 1, wherein in said step S1, the machine code includes a CPU code ID, a serial number of a hard disk, and a mac address of a network card.
3. The method for protecting authority of using software as claimed in claim 1, wherein in step S2, the XML authorization file template includes software version number, software authorization point number, software authorization start time, software authorization end time, and signature value.
4. A method for protecting the authorization of software usage according to claim 3, wherein the signature value is acquired by calculation, and the software version number, the number of software authorization points, the starting time of software authorization and the ending time of software authorization are acquired by the configuration of the management platform.
5. The method for protecting the authorization of software usage according to claim 1, wherein in step S4, the plaintext contents of the authorization file template are generated by the ciphertext signature value, the number of software authorization points, the software authorization start time, the software authorization end time, and the software version number.
6. The method for protecting authorization of software usage according to claim 1, wherein in step S5, the authorization file is uploaded to the authorization platform for decoding authorization by reverse decoding, and a final authorization file is generated.
7. The software use authorization protection method according to claim 6, characterized in that after the final authorization file is installed at the software end, the software function is unlocked and can be used normally, and the authorization platform is fed back to confirm the success of authorization.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210125541.1A CN114491423A (en) | 2022-02-10 | 2022-02-10 | Software use authorization protection method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210125541.1A CN114491423A (en) | 2022-02-10 | 2022-02-10 | Software use authorization protection method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114491423A true CN114491423A (en) | 2022-05-13 |
Family
ID=81479056
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210125541.1A Pending CN114491423A (en) | 2022-02-10 | 2022-02-10 | Software use authorization protection method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114491423A (en) |
-
2022
- 2022-02-10 CN CN202210125541.1A patent/CN114491423A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2691906B1 (en) | Method and system for protecting execution of cryptographic hash functions | |
| US9537657B1 (en) | Multipart authenticated encryption | |
| EP2290872B1 (en) | Device for generating a message authentication code for authenticating a message | |
| US9838198B2 (en) | Splitting S-boxes in a white-box implementation to resist attacks | |
| US20060265595A1 (en) | Cascading key encryption | |
| CA2373787C (en) | Self authentication ciphertext chaining | |
| US7254233B2 (en) | Fast encryption and authentication for data processing systems | |
| US9363244B2 (en) | Realizing authorization via incorrect functional behavior of a white-box implementation | |
| CN105812146A (en) | MD5-based two-way encryption data protection method | |
| CN114844728B (en) | Serialized data secure communication method and big data platform | |
| US9641337B2 (en) | Interface compatible approach for gluing white-box implementation to surrounding program | |
| EP2960891B1 (en) | Method for introducing dependence of white-box implementationon a set of strings | |
| US20150372989A1 (en) | Method for introducing dependence of white-box implementation on a set of strings | |
| CN111683061A (en) | Block chain-based Internet of things equipment access control method and device | |
| CN115102768A (en) | Data processing method and device and computer equipment | |
| CN114491423A (en) | Software use authorization protection method | |
| CN115022042A (en) | Compliance code verification method for protecting data privacy and computer readable medium | |
| JP6631989B2 (en) | Encryption device, control method, and program | |
| EP2940919B1 (en) | Realizing authorization via incorrect functional behavior of a white-box implementation | |
| WO2022237440A1 (en) | Authenticated encryption apparatus with initialization-vector misuse resistance and method therefor | |
| KR20110042419A (en) | Mode of operation adapted to multimedia environments | |
| Liu | Software protection with encryption and verification | |
| Sivakumar et al. | A new symmetric cryptosystem using randomized parameters of SHA-512 and MD5 hash functions | |
| CN116881865A (en) | License generation method and system | |
| CN117675189A (en) | Data encryption method, data decryption device and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |