CN114710332B - License anti-cloning method and device - Google Patents

Info

Publication number
CN114710332B
Authority
CN
China
Prior art keywords
license server
authorization information
server
standby
keep
Legal status
Active
Application number
CN202210290216.0A
Other languages
Chinese (zh)
Other versions
CN114710332A (en)
Inventor
吴宝平
Current Assignee
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Application filed by New H3C Technologies Co Ltd
Priority to CN202210290216.0A
Publication of CN114710332A
Application granted
Publication of CN114710332B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0663 Performing the actions predefined by failover planning, e.g. switching to standby network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The specification provides a license anti-cloning method and device, relating to the field of communication technology. The license anti-cloning method is applied to an authentication server and comprises the following steps: generating authorization information for an authenticated license server, wherein the authorization information comprises device information of the primary license server and the standby license server; issuing the authorization information to the primary license server so that the primary license server generates local authorization information from it; and, if keep-alive messages sent by both the primary license server and the standby license server are received within a preset period, updating the local authorization information of the primary license server and discarding the keep-alive message sent by the standby license server. The method prevents a user from cloning the license and improves the reliability of authentication.

Description

License anti-cloning method and device
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a license anti-cloning method and device.
Background
As networks evolve, network devices become more powerful, and for some network devices the vendor must provide a software authorization before the user's network device can operate. In enterprise-level networking, in order to manage authorization more efficiently, a license server (License Server) is deployed in the network and is used to monitor whether the network devices in the network use software authorization legally.
To improve the reliability of software authorization, the license server can be deployed in a primary-standby mode, with the authorization information stored on both the primary license server and the standby license server. Under normal operation, only the primary license server manages the network devices under it and synchronizes with the standby license server.
Because the authorization information is stored on both the primary license server and the standby license server, both license servers become primary license servers when the connection between them is disconnected. Both license servers in the network can then manage the network devices under them based on the authorization information held before the disconnection, so that the user obtains two independent sets of authorization information. The license server is thereby cloned, and the reliability of authentication is reduced.
Disclosure of Invention
To overcome the problems in the related art, the present specification provides a license anti-cloning method and apparatus.
According to a first aspect of embodiments of the present specification, there is provided a license anti-cloning method applied to an authentication server, including:
generating authorization information for the authenticated license server, wherein the authorization information comprises device information of the primary license server and the standby license server;
issuing the authorization information to the primary license server so that the primary license server generates local authorization information according to the authorization information;
if keep-alive messages sent by both the primary license server and the standby license server are received within a preset period, updating the local authorization information of the primary license server and discarding the keep-alive message sent by the standby license server.
Further, the method further comprises:
if only the keep-alive message sent by the standby license server is received within a preset period, comparing the device information carried by the keep-alive message with the generated authorization information;
if they are consistent, switching the standby license server to be the primary license server;
if they are inconsistent, marking the primary license server and the standby license server as invalid in the generated authorization information.
Optionally, the keep-alive message carries device information and a unique identifier corresponding to the license server, and the authorization information further comprises the unique identifier;
the method further comprises the steps of:
after receiving the keep-alive message of the primary license server, comparing the device information and the unique identifier carried in the keep-alive message with the authorization information;
if they are consistent, updating the local authorization information recorded in the primary license server;
if they are inconsistent, marking the primary license server and the standby license server as invalid in the generated authorization information.
Optionally, after marking the primary license server and the standby license server as invalid in the generated authorization information, the method further includes:
sending an alarm notification.
According to a second aspect of embodiments of the present specification, there is provided a license anti-cloning method applied to a license server, including:
receiving and recording authorization information sent by an authentication server, wherein the authorization information comprises device information of a primary license server and a standby license server;
sending a keep-alive message to the authentication server;
if updated authorization information sent by the authentication server is received, updating the local authorization information;
if no updated authorization information sent by the authentication server is received within the preset period, marking the license server's own local authorization information as invalid.
Further, after marking its own local authorization information as invalid, the method further comprises:
if the local authorization information has been marked as invalid for longer than a preset time, deleting the local authorization information.
According to a third aspect of embodiments of the present specification, there is provided a license anti-cloning apparatus applied to an authentication server, comprising:
a generation unit, configured to generate authorization information for the license server that passes authentication, wherein the authorization information includes device information of the primary license server and the standby license server;
a sending unit, configured to send the authorization information to the primary license server so that the primary license server generates local authorization information according to the authorization information;
and an authentication unit, configured to update the local authorization information of the primary license server and discard the keep-alive message sent by the standby license server if keep-alive messages sent by both the primary license server and the standby license server are received within a preset period.
Further, the authentication unit is further configured to compare, if only the keep-alive message sent by the standby license server is received within a preset period, the device information carried by the keep-alive message with the generated authorization information;
if they are consistent, the standby license server is switched to be the primary license server;
if they are inconsistent, the primary license server and the standby license server are marked as invalid in the generated authorization information.
Optionally, the keep-alive message carries device information and a unique identifier corresponding to the license server, and the authorization information further comprises the unique identifier;
the authentication unit is further configured to compare, after receiving the keep-alive message of the primary license server, the device information and the unique identifier carried in the keep-alive message with the device information and the unique identifier recorded for the license server;
if they are consistent, the local authorization information recorded in the primary license server is updated;
if they are inconsistent, the primary license server and the standby license server are marked as invalid in the generated authorization information.
Optionally, the device further includes:
an alarm unit, configured to send an alarm notification.
According to a fourth aspect of embodiments of the present specification, there is provided a license anti-cloning apparatus, applied to a license server, comprising:
a receiving unit, configured to receive and record authorization information sent by an authentication server, where the authorization information includes device information of a primary license server and a standby license server;
a sending unit, configured to send the keep-alive message to the authentication server;
an updating unit, configured to update the local authorization information if updated authorization information sent by the authentication server is received;
and a processing unit, configured to mark the license server's own local authorization information as invalid if no updated authorization information sent by the authentication server is received within a preset period.
Optionally, the device further includes:
a deleting unit, configured to delete the local authorization information if the local authorization information has been marked as invalid for longer than a preset time.
According to a fifth aspect of embodiments of the present specification, there is provided a server comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the machine-executable instructions causing the processor to implement the steps of any of the methods above.
According to a sixth aspect of embodiments of the present description, there is provided a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the steps of any of the methods above.
The technical solution provided by the embodiments of the specification can have the following beneficial effects:
In the embodiments of the specification, a preset period is set in the device, and when keep-alive messages from both the primary license server and the standby license server are received within the preset period, the authorization information is updated only for the primary license server. This avoids the license server being cloned because the primary license server and the standby license server are each authorized separately after the connection between them is disconnected, and it improves the reliability of authentication.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the specification and together with the description, serve to explain the principles of the specification.
Fig. 1 is a flowchart of a license anti-cloning method according to an embodiment of the present application, applied to an authentication server;
Fig. 2 is a networking diagram to which a license anti-cloning method according to an embodiment of the present application is applied;
Fig. 3 is a flowchart of a license anti-cloning method according to an embodiment of the present application, applied to a license server;
Fig. 4 is a schematic structural diagram of a license anti-cloning device according to an embodiment of the present application, applied to an authentication server;
Fig. 5 is a schematic structural diagram of a license anti-cloning device according to an embodiment of the present application, applied to a license server;
Fig. 6 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present description as detailed in the accompanying claims.
The application provides a license anti-cloning method, as shown in Fig. 1, applied to an authentication server and comprising the following steps:
S100, generating authorization information for the license server that passes authentication.
In enterprise-level networking, two or more license servers may be provided, forming a primary-standby relationship. In the following, two license servers, license server 1 and license server 2, are used as an example. As shown in Fig. 2, the primary license server (license server 1) and the standby license server (license server 2) communicate with each other and each establish a connection with the authentication server. The primary license server and the standby license server can manage 3 network devices, namely network device 1, network device 2, and network device 3.
When a user accesses the authentication server through the license server, the user may fill in the device information of the license servers to be authenticated, such as the IP (Internet Protocol) addresses of the primary license server and the standby license server and the externally presented virtual IP address, together with the authorization code obtained by the user. Optionally, the user may also fill in the generated unique identifier. The unique identifier is generated by the license server; it may be a random identifier, or it may be generated from the device information of the license server, and so on.
After the user has filled in this information, the authentication server authenticates the license server according to the authorization code and generates authorization information related to the authorization code. The authorization information includes the correspondence between the device information of the primary license server and the standby license server, an authorization number, an authorization code, and the like.
S101, issuing the authorization information to the primary license server so that the primary license server generates local authorization information according to the authorization information.
Because the license servers are in a primary-standby relationship, only one license server needs to be working after authorization to meet the requirements, so the authentication server can issue all or part of the authorization information to the primary license server. After receiving the authorization information, the primary license server forms local authorization information, with which it authorizes the network devices it manages. A database may be provided on the license server, and the local authorization information may be stored in the database. After each authorization, the number of authorizations contained in the authorization information is reduced accordingly. Thereafter, the primary license server continuously monitors the network devices under it; after a network device obtains authorization from the primary license server, the primary license server modifies the authorized quantity in the local authorization information and synchronizes with the standby license server.
The local authorization information may also include other information, such as a preset time that bounds how long the license server may continue to authorize network devices when the connection between the license server and the authentication server is disconnected. If the preset time, counted for example from the moment of disconnection, is exceeded, the authorization information of the license server is deleted, so that the license server can no longer authorize network devices unless it is authenticated by the authentication server again.
S102, if keep-alive messages sent by both the primary license server and the standby license server are received within a preset period, updating the local authorization information of the primary license server and discarding the keep-alive message sent by the standby license server.
The primary license server and the standby license server both store the address (typically an IP address) of the authentication server. The authentication server is provided with a preset period. During the preset period the authentication server keeps waiting for the keep-alive message of the other license server; if the preset period elapses without that message being received, that license server can be considered faulty.
Note that the keep-alive message may be a message based on HTTP (Hypertext Transfer Protocol). The HTTP message may carry the sender's own IP address, and the payload may hold data in TLV (Type-Length-Value) format. The TLV data may be defined according to actual requirements: the Type may be set to any value between 0x01 and 0xff, and the Length may be customized. At transmission time, the Value is filled with data, thereby realizing transmission between the authentication server and the license server.
For example, the TLV data in the payload of the keep-alive message may be laid out according to Table 1 below. It should be noted that the Type and Length settings in Table 1 may be chosen as required and are not limited to the correspondence in the table.
TABLE 1
To avoid the authorization information being cloned, the payload of the keep-alive message needs to carry at least the IP address of the sender; that is, the license server places its own private network IP address in the payload.
When the primary license server and the standby license server are both in a normal state, each of them can send keep-alive messages to the authentication server, and the authentication server then receives two keep-alive messages within a preset period. The IP address of the license server that sends the keep-alive message, that is, the private network IP address of that license server, may be added to the payload of the keep-alive message.
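The payload layout described above can be parsed strictly on the authentication server, as in the following added example, which is not code from the patent. Because Table 1 is not reproduced on this page, the type codes, the 1-byte Length, and the function names are assumptions made for illustration.

```python
import ipaddress

# Hypothetical type codes: Table 1 is not reproduced on this page, so these
# assignments (and the 1-byte Length field) are assumptions for the example.
T_SENDER_IP = 0x01    # private network IP of the sending license server
T_PRIMARY_IP = 0x02   # IP the sender currently believes is primary
T_STANDBY_IP = 0x03   # IP the sender believes is standby (empty = "none")
T_UNIQUE_ID = 0x04    # unique identifier generated by the license server
IP_TYPES = {T_SENDER_IP, T_PRIMARY_IP, T_STANDBY_IP}
REQUIRED = {T_SENDER_IP}  # the page requires at least the sender IP


class KeepAliveError(ValueError):
    """Raised for any malformed keep-alive payload."""


def encode_keepalive(sender_ip, primary_ip, standby_ip=None, unique_id=b""):
    """Build a payload; an unknown standby is sent as a zero-length value."""
    def tlv(t, v):
        if len(v) > 255:
            raise KeepAliveError("value too long for a 1-byte length")
        return bytes([t, len(v)]) + v

    def ip(s):
        return ipaddress.IPv4Address(s).packed if s else b""

    out = tlv(T_SENDER_IP, ip(sender_ip)) + tlv(T_PRIMARY_IP, ip(primary_ip))
    out += tlv(T_STANDBY_IP, ip(standby_ip))
    if unique_id:
        out += tlv(T_UNIQUE_ID, unique_id)
    return out


def parse_keepalive(payload, max_len=256):
    """Parse a payload into {type: value}, rejecting anything ambiguous."""
    if len(payload) > max_len:
        raise KeepAliveError("payload too large")
    fields, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise KeepAliveError("truncated TLV header")
        t, n = payload[i], payload[i + 1]
        i += 2
        if t == 0x00:
            raise KeepAliveError("type 0x00 is outside 0x01-0xff")
        if i + n > len(payload):
            raise KeepAliveError("declared length overruns the payload")
        if t in fields:
            raise KeepAliveError("duplicate field 0x%02x" % t)
        value = payload[i:i + n]
        i += n
        if t in IP_TYPES:
            if n == 0 and t == T_STANDBY_IP:
                value = None  # standby missing after a failover
            elif n == 4:
                value = str(ipaddress.IPv4Address(value))
            else:
                raise KeepAliveError("bad IPv4 length in field 0x%02x" % t)
        fields[t] = value  # unknown types are kept as raw bytes
    if not REQUIRED.issubset(fields):
        raise KeepAliveError("sender IP missing")
    return fields
```

Rejecting duplicate fields and overrunning lengths matters here because the later consistency check compares these values against the stored authorization information, and two parsers disagreeing on which copy of a field counts would undermine that comparison.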
After receiving the two keep-alive messages, the authentication server first determines, based on the authorization information it stores, whether each license server that sent a keep-alive message is a registered license server. If so, it checks whether keep-alive messages from both the primary license server and the standby license server have been received in the current preset period. If so, both can be determined to be in operation, and to avoid cloning of the authorization information only one license server needs to be authorized. At this point the authentication server may respond to whichever of the two keep-alive messages has the smaller private network IP address, or to whichever has the larger; the rule for choosing one of the two license servers is not limited and is not described further here. The keep-alive message of the other license server may be discarded by the authentication server without processing.
In addition, based on Table 1 above, the payload of the keep-alive message may also carry the primary-standby relationship previously determined between the two license servers. For example, when the connection between the primary license server and the standby license server fails (e.g., the peer is unreachable), both the primary license server and the standby license server send keep-alive messages to the authentication server.
The authentication server receives the keep-alive messages sent by the two license servers. The local authorization information recorded by the two license servers is substantially the same (the authorized quantity may differ because of the time between the disconnection and the sending of the keep-alive messages). By comparing, for example, whether the private network IP addresses of the two license servers belong to the same group as the two private network IP addresses registered in the authorization information, the authentication server can determine that the two senders are the primary license server and the standby license server of one enterprise-level network. Which of them is currently primary and which is standby is determined from the current primary license server IP address and standby license server IP address carried in the keep-alive messages.
At this time, the authentication server compares the device information carried in the keep-alive messages with the device information recorded in the authorization information it generated, and determines that the two keep-alive messages come from the license servers of one primary-standby pair. The authentication server can therefore update only the local authorization information in the primary license server, so that the primary license server can continue to manage the network devices under it, and discard the keep-alive message sent by the standby license server.
In addition, if a primary-standby switchover occurs between the two license servers, then in the keep-alive message the current primary license server is given as the private network IP address of the original standby license server, and the private network IP address of the current standby license server is missing because of the failure, for example marked as none.
In the embodiments of the specification, a preset period is set in the device, and when keep-alive messages from both the primary license server and the standby license server are received within the preset period, the authorization information is updated only for the primary license server. This avoids the license server being cloned because the primary license server and the standby license server are each authorized separately after the connection between them is disconnected, and it improves the reliability of authentication.
Further, the method further comprises:
S103, if only the keep-alive message sent by the standby license server is received within a preset period, comparing the device information carried by the keep-alive message with the generated authorization information.
S104, if they are consistent, switching the standby license server to be the primary license server.
S105, if they are inconsistent, marking the primary license server and the standby license server as invalid in the generated authorization information.
If the authentication server receives only the keep-alive message of the standby license server within a preset period, the primary license server can be considered faulty. The authentication server judges whether the standby license server passes the check according to the device information and other data carried in the keep-alive message. If the device information carried by the keep-alive message is consistent with the generated authorization information, the standby license server can be determined to be working; the standby license server (such as license server 2 in Fig. 2) is marked as the primary license server in the authorization information, and the related information of the standby license server is cleared from the authorization information, which completes the primary-standby switchover of the license server.
If the device information carried by the keep-alive message is inconsistent with the generated authorization information, the authentication server can mark the primary license server and the standby license server as invalid in the authorization information. Because an inconsistency may involve a modification of the license server that requires re-authentication, the authentication server may mark both license servers as invalid, thereby prompting the user to re-authenticate.
In order to further improve the reliability of authentication and authorization, optionally, the keep-alive message carries device information and a unique identifier corresponding to the license server, and the authorization information further includes the unique identifier. The unique identification is generated by the license server as described above and is unique in the networking.
Correspondingly, the method further comprises the steps of:
s106, after the keep-alive message of the master license server is received, equipment information, a unique identifier and authorization information carried in the keep-alive message are compared.
Under the condition that the master license server works normally, keep-alive messages are continuously sent to the authentication server, so that the master license server is prevented from being marked as invalid to stop the authorization management work.
After the authentication server receives the keep-alive message, the device information and the unique identifier carried in the keep-alive message are compared with the device information and the unique identifier recorded during the authentication of the license server, so as to determine whether the primary license server is changed by a user or not, and the like.
And S107, if the local authorization information is consistent, updating the local authorization information recorded in the master license server.
If the device information and the unique identifier carried in the keep-alive message are consistent with the device information and the unique identifier recorded during authentication of the license server, it can be stated that the primary license server is not changed and is in a normal use state.
At this time, the authentication server can update the local authorization information recorded in the master license server through the connection with the master license server.
Specifically, the updating mode may be to issue a feedback message for the keep-alive message, where the feedback message is used to refresh the preset time set in the primary license server, and count time again; alternatively, the update method may be to issue the authentication server again, so as to extend the time for the master license server to perform authorization management on the network device. Of course, the update method is not limited to the above case, and may be set by other methods.
And S108, if the primary license server and the standby license server are inconsistent, marking the primary license server and the standby license server as invalid in the generated authorization information.
If the device information and the unique identifier carried in the keep-alive message are inconsistent with the device information and the unique identifier recorded when authenticating the license server, it can be stated that the primary license server (or the standby license server) has been modified, and there is a risk that the license is cloned. In this case, the authentication server may set the primary license server and the backup license server to be invalid in the authorization information, so as to start timing, and after a preset time (or a plurality of keep-alive messages are not passed), avoid frequent authentication by deleting the authorization information or putting the authorization information of the primary license server and the backup license server marked as invalid into a mode of offline, and the like. After deleting the authorization information or putting the authorization information off line, the authentication server receives the keep-alive message again and discards the keep-alive message.
In order to prompt the user to handle the abnormal situation as soon as possible, optionally, after marking the primary license server and the standby license server as invalid in the generated authorization information in step S108, the method further includes:
S109, sending an alarm notification.
The authorization information may also record a number (such as a mobile phone number or a landline number) that the user filled in when the first authentication passed. After the primary license server and the standby license server are marked as invalid, the authentication server can immediately send a short message to that number or place a voice call to it to report the abnormality, prompting the user to handle it as soon as possible.
Alternatively, when the primary license server or the standby license server can still communicate with the authentication server, an alert notification message is sent directly to either license server, and a dialog box or the like pops up on that license server to alert the user. Of course, the alarm notification is not limited to these methods; it is only required that the authentication server can notify the user of the abnormality.
In addition, when one of the two license servers that act as primary and standby for each other fails, for example when the primary license server fails or the standby license server fails, the authentication server can also compare the information carried in the payload of the keep-alive message with the authorization information, so as to trigger the alarm.
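The authentication-server decisions described above (refresh only the primary when both servers are heard, switch over when only a consistent standby is heard, invalidate and alarm on a mismatch, then discard once the authorization is offline) can be sketched as follows. This is an added example, not code from the patent; the `role` field, the action strings and the three-period offline threshold are assumptions, and the device values are constructed.

```python
from dataclasses import dataclass, field

OFFLINE_AFTER_PERIODS = 3   # assumption: the text only says "a preset time"


@dataclass(frozen=True)
class KeepAlive:
    role: str          # "primary" or "standby", as claimed by the sender (assumption)
    device_info: str
    unique_id: str


@dataclass
class Authorization:
    """Record generated when the license servers first pass authentication."""
    primary: tuple                      # (device_info, unique_id)
    standby: tuple
    state: str = "valid"                # valid -> invalid -> offline
    invalid_periods: int = 0
    alarms: list = field(default_factory=list)


def _consistent(msgs, recorded):
    return all((m.device_info, m.unique_id) == recorded for m in msgs)


def _mark_invalid(auth, reason):
    auth.state = "invalid"              # S108: both servers marked invalid
    auth.alarms.append(reason)          # S109: alarm notification
    return "mark-invalid"


def process_period(auth, msgs):
    """Return the action for the keep-alives received in one preset period."""
    if auth.state == "offline":
        return "discard"                # authorization removed: drop keep-alives
    if auth.state == "invalid":
        auth.invalid_periods += 1       # timing started when marked invalid
        if auth.invalid_periods >= OFFLINE_AFTER_PERIODS:
            auth.state = "offline"
            return "take-offline"
        return "still-invalid"
    primary = [m for m in msgs if m.role == "primary"]
    standby = [m for m in msgs if m.role == "standby"]
    if primary:
        if _consistent(primary, auth.primary):
            # Even if the standby was also heard, only the primary is refreshed,
            # so a primary and standby that lost contact cannot both be authorized.
            return "refresh-primary"
        return _mark_invalid(auth, "primary keep-alive does not match record")
    if standby:
        if _consistent(standby, auth.standby):
            auth.primary, auth.standby = auth.standby, auth.primary
            return "switch-standby-to-primary"
        return _mark_invalid(auth, "standby keep-alive does not match record")
    return "no-keepalive"


def demo():
    a, b = ("SN-A/aa:01", "uid-1"), ("SN-B/bb:02", "uid-2")   # constructed values
    auth = Authorization(primary=a, standby=b)
    ka = lambda role, rec: KeepAlive(role, *rec)
    out = [process_period(auth, [ka("primary", a), ka("standby", b)])]
    out.append(process_period(auth, [ka("standby", b)]))       # primary silent
    # The new primary now reports different device information (possible clone).
    out.append(process_period(auth, [KeepAlive("primary", "SN-X/cc:03", "uid-2")]))
    out += [process_period(auth, []) for _ in range(4)]
    return auth, out


if __name__ == "__main__":
    print(demo()[1])
```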
Correspondingly, a license anti-cloning method applied to a license server is provided, as shown in FIG. 3, comprising the following steps:
S200, receiving and recording the authorization information sent by the authentication server.
The authorization information includes device information of the primary license server and the standby license server. After the license server receives the authorization information, it may record the authorization information locally, thereby forming local authorization information, and the license server that has been granted the license may be regarded as the primary license server.
After generating the local authorization information, the primary license server synchronizes the local authorization information to the backup license server via communication.
S201, sending a keep-alive message to an authentication server.
After the local authorization information is acquired, the primary license server starts to send keep-alive messages to the authentication server. The keep-alive message carries information such as the device information and the unique identifier.
S202, if updated authorization information sent by the authentication server is received, updating the local authorization information.
S203, if the updated authorization information sent by the authentication server is not received in a preset period, marking the local authorization information as invalid.
When the authentication server determines that the device information (and the unique identifier, etc.) in the keep-alive message is consistent with the content of the authorization information it has recorded, it may send updated authorization information to the primary license server, so that the authentication server and the primary license server are synchronized. Thereafter, the primary license server synchronizes with the standby license server.
If the primary license server does not receive the updated authorization information sent by the authentication server within a preset period (for example, 6 hours), the primary license server may be considered to be faulty; for example, the connection between the primary license server and the authentication server is disconnected, or the keep-alive message fails authentication. The primary license server then marks itself as invalid. The invalidated local authorization information can still authorize the network devices connected under it, but the server continuously reminds the user to check for anomalies.
In order to prevent a user from authenticating in a network-disconnected manner and thereby cloning the license, after marking its own local authorization information as invalid in step S203, the method further comprises:
S204, if the time for which the local authorization information has been marked as invalid exceeds the preset time, deleting the local authorization information.
After the primary license server has marked itself as invalid, if the elapsed time exceeds the preset time (for example, 3 days), it can be determined that the user has not attempted to repair the abnormality, or that the abnormality cannot be repaired and support is needed. The primary license server can then terminate its own authorization function by deleting the recorded local authorization information, so that the user re-authenticates or contacts the manufacturer for assistance.
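The license-server side of steps S200 to S204 amounts to a lease with two timers, sketched below using the 6-hour and 3-day figures given above as examples. This is an added example, not code from the patent; the class and method names are hypothetical, the clock is a caller-supplied seconds counter, and treating a refresh received while invalid as restoring validity is an assumption the text does not settle.

```python
from dataclasses import dataclass
from typing import Optional

REFRESH_PERIOD = 6 * 3600        # "preset period" (the text's example: 6 hours)
GRACE_TIME = 3 * 24 * 3600       # "preset time" (the text's example: 3 days)


@dataclass
class LocalAuthorization:
    payload: Optional[dict]              # authorization info recorded in S200
    last_update: float                   # last refresh from the authentication server
    invalid_since: Optional[float] = None

    def on_update(self, payload, now):
        """S202: updated authorization information arrived."""
        if self.payload is None:
            return False                 # deleted: re-authentication required
        # Assumption: a refresh received while invalid restores validity.
        self.payload, self.last_update, self.invalid_since = payload, now, None
        return True

    def tick(self, now):
        """S203/S204: apply both timers and return the resulting state."""
        if self.payload is None:
            return "deleted"
        if self.invalid_since is None and now - self.last_update > REFRESH_PERIOD:
            self.invalid_since = self.last_update + REFRESH_PERIOD
        if self.invalid_since is not None and now - self.invalid_since > GRACE_TIME:
            self.payload = None          # S204: terminate the authorization function
            return "deleted"
        return "invalid" if self.invalid_since is not None else "valid"

    def authorize(self, device, now):
        """Return (granted, warning) for a network device's request."""
        state = self.tick(now)
        if state == "deleted":
            return False, "authorization deleted: re-authenticate or contact the vendor"
        if state == "invalid":
            # Still authorizes, but keeps reminding the user to check.
            return True, "no refresh from authentication server: check for anomalies"
        return True, None


def timeline():
    """Constructed timeline: refresh at 5 h, then the link stays down."""
    H = 3600
    lease = LocalAuthorization({"devices": 100}, last_update=0)
    seen = [lease.authorize("sw1", 5 * H)]
    lease.on_update({"devices": 100}, 5 * H)
    seen.append(lease.tick(10 * H))                 # 5 h since refresh
    seen.append(lease.tick(12 * H))                 # 7 h since refresh
    seen.append(lease.authorize("sw1", 12 * H)[0])  # invalid but still granted
    seen.append(lease.tick(11 * H + GRACE_TIME))    # grace not yet exceeded
    seen.append(lease.tick(11 * H + GRACE_TIME + 1))
    seen.append(lease.on_update({"devices": 100}, 90 * H))
    return seen


if __name__ == "__main__":
    print(timeline())
```

Feeding `now` from a monotonic counter rather than the wall clock keeps a local clock change from extending the lease.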
Correspondingly, a license anti-cloning device is provided, which is applied to an authentication server, as shown in fig. 4, and comprises:
a generation unit configured to generate authorization information of the license server that passes the authentication, wherein the authorization information includes device information of the primary license server and the backup license server;
a sending unit, configured to send the authorization information to the primary license server so that the primary license server generates local authorization information according to the authorization information;
and an authentication unit, configured to update the local authorization information of the primary license server and discard the keep-alive message sent by the standby license server if keep-alive messages sent by the primary license server and by the standby license server are both received in a preset period.
Further, the authentication unit is further configured to compare, if only the keep-alive message sent by the standby license server is received within a preset period, the device information carried by the keep-alive message with the generated authorization information;
if they are consistent, the standby license server is switched to be the primary license server;
if they are inconsistent, the primary license server and the standby license server are marked as invalid in the generated authorization information.
Optionally, the keep-alive message carries device information and a unique identifier corresponding to the license server, and the authorization information further comprises the unique identifier;
the authentication unit is further configured to compare, after receiving the keep-alive message of the primary license server, the device information and the unique identifier carried in the keep-alive message with the device information and the unique identifier recorded in the license server;
if they are consistent, the local authorization information recorded in the primary license server is updated;
if they are inconsistent, the primary license server and the standby license server are marked as invalid in the generated authorization information.
Optionally, the device further includes:
and the alarm unit is used for sending alarm notification.
Correspondingly, a license anti-cloning device is provided, which is applied to a license server, as shown in fig. 5, and comprises:
a receiving unit, configured to receive and record authorization information sent by an authentication server, where the authorization information includes device information of a primary license server and a backup license server;
the sending unit is used for sending the keep-alive message to the authentication server;
the updating unit is used for updating the local authorization information if the updated authorization information sent by the authentication server is received;
and a processing unit, configured to mark its own local authorization information as invalid if the updated authorization information sent by the authentication server is not received in a preset period.
Optionally, the device further includes:
and the deleting unit is used for deleting the local authorization information if the time of the local authorization information marked as invalid exceeds the preset time.
Correspondingly, a server is provided, as shown in FIG. 6, comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to implement the steps of any of the methods above. That is, the server may implement the functions of the authentication server alone, or the functions of the license server alone.
Correspondingly, a machine-readable storage medium is provided, storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the steps of any of the methods above. That is, the server may implement the functions of the authentication server alone, or the functions of the license server alone.
The technical scheme provided by the embodiments of this specification can have the following beneficial effects:
In the embodiments of this specification, a preset period is set, and when keep-alive messages from both the primary license server and the standby license server are received within the preset period, the authorization information is updated only for the primary license server. This avoids the problem of the license being cloned because the primary license server and the standby license server are each authorized separately after the connection between them is disconnected, and improves the reliability of authentication.
It is to be understood that the present description is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
The foregoing description of the preferred embodiments is provided for the purpose of illustration only, and is not intended to limit the scope of the disclosure, since any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the disclosure are intended to be included within the scope of the disclosure.

Claims (13)

1. A license anti-cloning method, applied to an authentication server, comprising:
generating authorization information of the authenticated license server, wherein the authorization information comprises equipment information of the main license server and the standby license server;
issuing the authorization information to the master license server so that the master license server generates local authorization information according to the authorization information;
and if the keep-alive messages sent by the main license server and the standby license server are respectively received in a preset period, updating the local authorization information of the main license server, and discarding the keep-alive messages sent by the standby license server.
2. The method as recited in claim 1, further comprising:
if only the keep-alive message sent by the standby license server is received in a preset period, comparing the device information carried by the keep-alive message with the generated authorization information;
if they are consistent, switching the standby license server to be the primary license server;
and if they are inconsistent, marking the primary license server and the standby license server as invalid in the generated authorization information.
3. The method of claim 1, wherein the keep-alive message carries device information and a unique identifier corresponding to a license server, and the authorization information further includes the unique identifier;
the method further comprises:
after receiving the keep-alive message of the primary license server, comparing the device information and the unique identifier carried in the keep-alive message with the authorization information;
if they are consistent, updating the local authorization information recorded in the primary license server;
and if they are inconsistent, marking the primary license server and the standby license server as invalid in the generated authorization information.
4. A method according to claim 2 or 3, wherein after marking the primary license server and the standby license server as invalid in the generated authorization information, the method further comprises:
sending an alarm notification.
5. A license anti-cloning method, applied to a license server, comprising:
receiving and recording authorization information sent by an authentication server, wherein the authorization information comprises equipment information of a main license server and a standby license server;
sending a keep-alive message to the authentication server, so that if the authentication server respectively receives the keep-alive messages sent by the main license server and the standby license server in a preset period, updating the local authorization information of the main license server and discarding the keep-alive message sent by the standby license server;
if the updated authorization information sent by the authentication server is received, updating the local authorization information;
if the updated authorization information sent by the authentication server is not received in the preset period, marking the local authorization information as invalid.
6. The method of claim 5, further comprising, after marking the local authorization information of itself as invalid:
and if the time of the local authorization information marked as invalid exceeds the preset time, deleting the local authorization information.
7. A license anti-clone apparatus, characterized by being applied to an authentication server, comprising:
a generation unit configured to generate authorization information of a license server that passes authentication, wherein the authorization information includes device information of a primary license server and a backup license server;
the sending unit is used for sending the authorization information to the main license server so that the main license server generates local authorization information according to the authorization information;
and the authentication unit is used for updating the local authorization information of the main license server and discarding the keep-alive message sent by the standby license server if the keep-alive messages sent by the main license server and the standby license server are respectively received in a preset period.
8. The apparatus of claim 7, wherein
the authentication unit is further configured to compare, if only the keep-alive message sent by the standby license server is received within a preset period, device information carried by the keep-alive message with the generated authorization information;
if they are consistent, switching the standby license server to be the primary license server;
and if they are inconsistent, marking the primary license server and the standby license server as invalid in the generated authorization information.
9. The apparatus of claim 7, wherein the keep-alive message carries device information and a unique identifier corresponding to a license server, and wherein the authorization information further includes the unique identifier;
the authentication unit is further configured to compare, after receiving the keep-alive message of the primary license server, device information and a unique identifier carried in the keep-alive message with device information and a unique identifier recorded in the license server;
if they are consistent, updating the local authorization information recorded in the primary license server;
and if they are inconsistent, marking the primary license server and the standby license server as invalid in the generated authorization information.
10. A license anti-clone apparatus, characterized by being applied to a license server, comprising:
a receiving unit, configured to receive and record authorization information sent by an authentication server, where the authorization information includes device information of a primary license server and a backup license server;
a sending unit, configured to send a keep-alive message to the authentication server, so that if the authentication server receives the keep-alive messages sent by the active license server and the standby license server in a preset period respectively, the local authorization information of the active license server is updated, and the keep-alive message sent by the standby license server is discarded;
the updating unit is used for updating the local authorization information if the updated authorization information sent by the authentication server is received;
and the processing unit is used for marking the local authorization information of the processing unit as invalid if the updated authorization information sent by the authentication server is not received in a preset period.
11. The apparatus as recited in claim 10, further comprising:
and the deleting unit is used for deleting the local authorization information if the time of the local authorization information marked as invalid exceeds the preset time.
12. A server comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to carry out the method steps of any one of claims 1-4 or any one of claims 5-6.
13. A machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to carry out the method steps of any one of claims 1-4 or any one of claims 5-6.
CN202210290216.0A 2022-03-23 2022-03-23 License anti-cloning method and device Active CN114710332B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210290216.0A CN114710332B (en) 2022-03-23 2022-03-23 License anti-cloning method and device

Publications (2)

Publication Number Publication Date
CN114710332A CN114710332A (en) 2022-07-05
CN114710332B true CN114710332B (en) 2023-09-15

Family

ID=82168004

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant