CN115529139A - Object serialization-based online software encryption authorization system and method - Google Patents


Publication number
CN115529139A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211093043.XA
Other languages
Chinese (zh)
Inventor
彭雪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cheng Jingqun
Original Assignee
Yushu Wuhan Digital Technology Co ltd
Application filed by Yushu Wuhan Digital Technology Co ltd
Priority to CN202211093043.XA
Publication of CN115529139A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The invention provides an online software encryption authorization system and method based on object serialization. The system comprises a client and a server. The client includes: a client adaptation unit; an input unit; an HAR information reading unit; an HAR lock object generation unit; an HAR lock encryption unit; a scrambling unit; an HAR lock object serialization unit; a client manual import/download unit; a manual loading unit; an automatic transmit-receive unit; an LIC object deserialization unit; an LIC decryption unit; an LIC authorization presentation unit; and an LIC authorization installation unit. The system improves the security of the commercial software encryption authorization system and process, effectively prevents commercial software and information from being stolen, and reduces the user's learning cost and improves the user experience.

Description

Object serialization-based online software encryption authorization system and method
Technical Field
The invention relates to an object serialization-based online software encryption authorization system and method, and belongs to the technical field of computer science.
Background
Software encryption authorization technology spans many fields, including computer software, hardware, networking, cryptography and statistical mathematics. With the rapid development of information technology and the arrival of the internet and the digital wave, convenient, secure and high-performance software authorization technology is receiving more and more attention.
Software encryption authorization methods can be roughly divided into two stages:
The first stage: the Windows 2000 era was dominated by the "registration" mode.
The software inspects certain software and hardware information of the current computer to generate a feature code. When registering and paying, the user submits the feature code and personal information to the software developer and receives registration information generated from it. Although this registration mode solves the problem of illegal software use to some extent, it inconveniences users: when a user upgrades or replaces hardware, or changes computers, the original feature code changes and the registration information becomes invalid, so the user must submit a new request to the developer each time, and the developer's software maintenance cost increases exponentially.
The second stage: from the Windows Vista era, the "activation" mode became dominant.
The user enters a serial number bound to the product. The software detects the relevant computer environment information and generates a verification code from the entered serial number, then submits the verification code to a remote verification server set up by the developer. The server automatically verifies the validity of the serial number and, based on the submitted verification code, sends a legitimate authorization file to the user, who then obtains full functionality. The activation process is completed entirely by the software and the network, requires no transmission by the user, and is instantaneous. To prevent users from sharing a serial number with others, the server also performs a count check while verifying the serial number: a legitimate serial number can be bound to at most several groups of feature codes. When the specified number of times is exceeded, the serial number becomes invalid.
The mainstream implementations of the "activation" mode currently include DES/AES encryption and digital certificates, but from a cryptographic or sociological point of view these schemes all carry some security risk, whether from brute-force cracking by computation, interception in transit, information forgery, or the way people safeguard private keys. A new method is therefore needed that, while ensuring the security and high performance of the whole encryption authorization system, does not add to existing user cost and offers a good user experience.
Abbreviations and key term definitions herein:
DES: the DES algorithm is a symmetric cryptosystem. The plaintext is divided into 64-bit blocks and the key is 64 bits long, of which 56 bits actually take part in the DES operation (bits 8, 16, 24, 32, 40, 48, 56 and 64 are check bits, so that each key has an odd number of 1s). The plaintext blocks and the 56-bit key are combined by bitwise substitution or exchange to form the ciphertext blocks.
AES: the AES algorithm is an asymmetric encryption method in the cryptosystem, which uses a pair of keys: a public key and a private key. The private key is kept securely by one party only and must not be disclosed, while the public key can be sent to anyone who requests it. Asymmetric encryption encrypts with one key of the pair, and decryption requires the other.
MD5: the MD5 Message-Digest Algorithm, a widely used cryptographic hash function, generates a 128-bit (16-byte) hash value to ensure the integrity of message transmission.
SHA-1/2: SHA-1/2 (Secure Hash Algorithm) is a cryptographic hash function.
HOME: the full installation path of the client software.
OS NAME: the operating system on which the client software runs.
HARDWARE INFO: the hardware information of the machine on which the client software runs, including Network MAC and Hard Disk.
Network MAC: the MAC address (Media Access Control Address), also called the physical address or hardware address, is burned into the EPROM (a flash memory chip) of the network interface card by the network device manufacturer at production time.
Hard Disk: the hard disk is the main storage device of a computer.
CA: a digital Certificate Authority (abbreviated CA), also called an e-commerce authentication center or e-commerce authentication authority, is the authority responsible for issuing and managing digital certificates. As the trusted third party in e-commerce transactions, it is responsible for verifying the validity of public keys in a public key system.
B/S: the Browser-Server structure, a network architecture that emerged with the rise of the Web, in which the web browser is the main client application.
C/S: the Client-Server structure, which usually has two tiers. The server is responsible for data management, and the client handles interaction with the user.
ToB: scenarios that mainly serve enterprise users.
ToC: scenarios that mainly serve ordinary users.
HAR: hardware lock.
LIC: license.
DES and AES are currently widely used software encryption authorization methods. They differ in that DES is symmetric encryption, where the sender and receiver use the same key for both encryption and decryption, whereas AES is asymmetric encryption, where each user has a pair of keys: a public key and a private key. The public key can be widely distributed and circulated, while the private key must be stored securely; when a message is encrypted with one of the keys, the other key must be used to decrypt it.
Unlike DES, which uses a single shared key, AES has two keys (a private key and a public key): the public key encrypts and the private key decrypts.
The logic is as shown in the figure:
Although DES and AES encryption offer a relatively high degree of security, security is often not only a matter of encryption and decryption but also involves transmission, storage and other aspects, and in these dimensions they have the following disadvantages:
DES: in most cases the key has to be transmitted over a network, where it is easy to steal. Once it is stolen, and absent other precautions, the information can be completely cracked.
AES: data security can be ensured even when the public key is stolen, but the receiver cannot confirm whether a message was forged by the sender or by someone else. The authenticity of the information cannot be fully guaranteed within the system.
An encryption method based on a digital certificate is another widely used software encryption authorization method.
A digital certificate is a certificate issued by an authoritative CA that cannot be forged and is used to verify the identity of the sending entity. Sender A only needs to apply to an authoritative CA for a digital certificate, which contains A's identifying data and A's public key, and then send the text, the digital certificate and the digital signature generated by A to B. An intermediary M can then no longer tamper with the text and forward it to B, because M does not hold the CA's private key and so cannot fabricate a digital certificate at will. Of course, M could also apply to the same CA for its own digital certificate and send B the modified text together with M's certificate and M's signature. In that case B, on receiving the data, checks whether the information in the certificate matches the current communication party, finds that the identity in the certificate is M and not A, concludes that the certificate may have been substituted, and may choose to break off communication.
The digital certificate can ensure that information is not tampered with in transit and that data cannot be forged. But the drawbacks are obvious: introducing third-party CA authentication greatly increases cost while reducing operating efficiency, and the installation, maintenance, compatibility and upgrading of the certificates impose extra learning cost on customers/users and degrade the user experience.
Disclosure of Invention
The invention provides an object serialization-based online software encryption authorization system and method that are widely applicable to commercial software encryption and authorization on Windows/Linux/Unix, in B/S and C/S architectures, for ToB/ToC, and in public cloud, private cloud and local network environments. The system improves the security of the commercial software encryption authorization system and process, effectively prevents commercial software and information from being stolen, and at the same time reduces the user's learning cost and improves the user experience.
The invention designs and implements an online software encryption and authorization system based on object serialization, which comprises a client and a server.
The client includes: a client adaptation unit, which adapts the client interface; an input unit, with which the user manually enters the product authorization serial code; an HAR information reading unit, which reads the unique UUID of the hard disk, the network card, the MAC and the CPU according to the OS; an HAR lock object generation unit, which generates a memory object from the hardware information read; an HAR lock encryption unit, which applies SHA2 and DES encryption to some of the key attributes in the memory object; a code mixing unit, which mixes the DES bidirectional encryption KEY at the client, where the KEY corresponds one-to-one with the installed client and is never repeated, is managed by the server, which generates a KEY with a 128-bit offset of 4, and is carried by the installed client; an HAR lock object serialization unit, which serializes the HAR object; a client manual import/download unit, with which, when the client is not connected to the Internet, the serialized HAR information can be imported manually on a third-party machine that is connected to the Internet and the authorized LIC downloaded; a manual loading unit, which manually loads the downloaded LIC into the client and verifies it; an automatic transceiving unit, which transmits the generated HAR serialized object to the server over the Internet and receives the LIC object returned by the server; an LIC object deserialization unit, which verifies the received LIC object and deserializes and restores it; an LIC decryption unit, which performs DES decryption on the key attributes in the deserialized LIC object; an LIC authorization display unit, which displays the acquired client software authorization information to the client; and an LIC authorization installation unit, which formally installs the LIC on the client server after the client confirms the authorization information.
The server includes: a server-side manual import/download unit, which interfaces with the client manual import/download unit for manual HAR import and LIC download; an automatic receiving unit, which receives the HAR object transmitted online by the client's automatic transceiving unit; an authentication unit, which performs security verification, identifying the request, client uniqueness, information consistency and information integrity; an HAR object deserialization unit, which deserializes the HAR object manually imported by the client or transmitted through the interface; a checking unit, which checks business validity; an HAR lock decryption unit, which decrypts the key attributes in the object, where the key comes from negotiation and distribution with the server before the client is installed; an authorization and control unit, which evaluates and controls the business authorization data and limits the number of authorization requests for the same authorization sequence code; a display unit, which displays the obtained authorization data for the user to confirm; an LIC generation unit, which generates the LIC to be installed on the client once the client has confirmed the authorization information; a storage unit, which logs the details of the activity and stores the LIC; an encryption and serialization unit, which performs DES encryption on the key attributes of the LIC and serializes the object; and an automatic sending unit, which invokes the callback interface received by the automatic receiving unit and sends the LIC to the client.
The invention also provides an online software encryption and authorization method based on the system, which is shown in figure 2. In the technical scheme, the client supports Linux/Unix/Windows, B/S or C/S, which is a key factor for the scheme to be widely applied to various service systems and scenes.
The method comprises the following steps:
(1) Installing a business program;
(2) Binding and distributing an authorization client KEY;
(3) Authorizing client installation;
(4) Acquiring software and hardware information of a commercial program installation server;
(5) Generating HAR information through an authorized sequence code;
(6) Encrypting through a client KEY and generating a serial number object;
(7) Checking/deserializing and decrypting the serial number object;
(8) Authorizing and generating the LIC;
(9) Encrypting and serializing the LIC;
(10) Checking/deserializing and decrypting the LIC;
(11) Authorizing installation.
The method determines and invokes the appropriate display terminal according to the client OS and the form of the client software. Normally the authorization client program and the customer's business program should be installed on the same physical server or local area network; if that is not possible, the installation address of the business program should be configured in the authorization client, and the business program must be running during the authorization process, so that the authorization client program can obtain the business program's software and hardware configuration, client type and so on.
In this technical scheme, the authorization client is distributed from the authorization server, and a unique KEY is statically bound to it during distribution. The KEY is the unique identifier of the client and is also one of the keys used for communication between the client and the server.
The invention relates to an on-line software encryption authorization system and method based on object serialization, and the technical scheme has the following beneficial effects:
1. At present a CA certificate costs more than one hundred yuan per client per year. This scheme needs no CA certificate and can provide the maximum security guarantee for the whole encryption and authorization process; once the number of customers reaches a certain magnitude, the scheme saves the service provider a huge cost;
2. The installation, maintenance, upgrading and compatibility of digital certificates and the safekeeping of various physical UKs are pain points for users. This scheme involves no certificates or physical UKs, which reduces customers' learning cost and improves the user experience;
3. The invention suits low-cost commercial software encryption authorization scenarios on Windows/Linux/Unix, in B/S and C/S architectures, for ToB/ToC terminals, and in public cloud, private cloud and local area network environments;
4. Through end-to-end initial encryption and distribution and through the low-cost "four-code integration" of serialization, deserialization and the like, the invention improves the security of the commercial software encryption authorization system and process, effectively prevents commercial software and information from being stolen, and reduces users' learning cost and improves the user experience.
Drawings
Fig. 1 shows the complete architecture of the client and server included in the present invention (an object serialization-based online soft encryption authorization apparatus and method);
Fig. 2 shows a flow chart of a typical application scenario of the present invention (an object serialization-based online soft encryption authorization apparatus and method);
Fig. 3 shows the communication technology and process diagram of the present invention (an object serialization-based online soft encryption authorization apparatus and method).
Detailed Description
The invention designs and implements an online software encryption and authorization system based on object serialization, which comprises a client and a server.
The client includes: a client adaptation unit 106, which adapts the client interface; an input unit 108, with which the user manually enters the product authorization serial code; an HAR information reading unit 110, which reads the unique UUID of the hard disk, the network card, the MAC and the CPU according to the OS; an HAR lock object generation unit 112, which generates a memory object from the hardware information read; an HAR lock encryption unit 114, which applies SHA2 and DES encryption to some of the key attributes in the memory object; a code mixing unit 116, which mixes the DES bidirectional encryption KEY at the client, where the KEY corresponds one-to-one with the installed client and is never repeated, is managed by the server, which generates a KEY with a 128-bit offset of 4, and is carried by the installed client; an HAR lock object serialization unit 118, which serializes the HAR object; a client manual import/download unit 120, with which, when the client is not connected to the Internet, the serialized HAR information can be imported manually on a third-party machine that is connected to the Internet and the authorized LIC downloaded; a manual loading unit 122, which manually loads the downloaded LIC into the client and verifies it; an automatic transceiving unit 124, which transmits the generated HAR serialized object to the server over the Internet and receives the LIC object returned by the server; an LIC object deserialization unit 126, which verifies the received LIC object and deserializes and restores it; an LIC decryption unit 128, which performs DES decryption on the key attributes in the deserialized LIC object; an LIC authorization presentation unit 130, which presents the acquired client software authorization information to the client; and an LIC authorization installation unit 132, which formally installs the LIC on the client server after the client confirms the authorization information.
The server includes: a server-side manual import/download unit 134, which interfaces with the client manual import/download unit for manual HAR import and LIC download; an automatic receiving unit 136, which receives the HAR object transmitted online by the client's automatic transceiving unit; an authentication unit 138, which performs security verification, identifying the request, client uniqueness, information consistency and information integrity; an HAR object deserialization unit 140, which deserializes the HAR object manually imported by the client or transmitted through the interface; a checking unit 142, which checks business validity; an HAR lock decryption unit 144, which decrypts the key attributes in the object, where the key comes from negotiation and distribution with the server before the client is installed; an authorization and control unit 146, which evaluates and controls the business authorization data and limits the number of authorization requests for the same authorization sequence code; a presentation unit 148, which presents the obtained authorization data for the user to confirm; an LIC generation unit 150, which generates the LIC to be installed on the client once the client has confirmed the authorization information; a storage unit 152, which logs the details of the activity and stores the LIC; an encryption and serialization unit 154, which performs DES encryption on the key attributes of the LIC and serializes the object; and an automatic sending unit 156, which invokes the callback interface received by the automatic receiving unit and sends the LIC to the client.
The invention also provides an online software encryption and authorization method based on the system, which is shown in figure 2. In the technical scheme, the client supports Linux/Unix/Windows, B/S or C/S, which is a key factor for the scheme to be widely applied to various service systems and scenes.
The method comprises the following steps:
(1) Installing a business program;
(2) Binding and distributing an authorized client KEY;
(3) Authorizing client installation;
(4) Acquiring software and hardware information of a commercial program installation server;
(5) Generating HAR information through an authorized sequence code;
(6) Encrypting through a client KEY and generating a serial number object;
(7) Checking/deserializing and decrypting the serial number object;
(8) Authorising and generating the LIC;
(9) Encrypting and serializing the LIC;
(10) Checking/deserializing and decrypting the LIC;
(11) Authorizing installation.
In this technical scheme, to obtain the software and hardware information of the server on which the commercial program is installed, the authorization client supports three modes of deployment and service provision. First: the authorization client and the business program are deployed on the same physical server, which is common when the business program is a single application. Second: the authorization client and the business program are deployed in the same physical local area network but on different servers, which is common in a business program cluster environment. Third: an authorization client deployed on the Internet or a proprietary cloud provides common authorization support for multiple business programs, which is common for distributed business programs.
In this technical scheme, for generating HAR information through the authorization sequence code: the product authorization sequence code is usually delivered by the product provider to the purchaser in physical form, such as a product encryption card, product authorization card or user registration card, or by e-mail. It identifies the uniqueness of the transaction and exists in plaintext; the sequence code plays no key role in the information encryption process.
In this technical scheme, for encrypting with the client KEY and generating the serial number object: the key information is DES-encrypted and serialized. The KEY is the unique mark of the client, and it is irreversibly encrypted and stored in code-mixed form to keep its binding and distribution secure. The other core idea is that the whole HAR is treated as a single object whose attributes are the encrypted key information; serialization guarantees the security and consistency of data exchanged between client and server, and in addition one-way SHA2 encryption is applied to the serialized bytes during serialization. Throughout HAR production, the attributes are protected by DES encryption and the object bytes by SHA2 encryption, and this dual encryption gives the HAR higher security and greater resistance to risk.
In this technical scheme, for checking/deserializing and decrypting the serial number object: the HAR object transmitted by the client is verified, deserialized and decrypted. Verification must ensure "four-code integration", that is, the security, accuracy, consistency and authenticity of the information are verified by four means. The first is the key the server bound to the client, which verifies the legitimacy of the client. The second is the DES and SHA2 encrypted information, which protects the information. The third is the serialization and deserialization implementation rules, which establish the legitimacy of the request source and the data. The last is the authorization sequence code, which identifies the authenticity of the authorized business and the authorization control logic. The four codes are authorized by the server, controlled by technical rules and exist in the physical world. If any one code fails verification, the authorization process terminates automatically; even if three of the four codes are stolen, forged or cracked, the authorization process cannot pass and the commercial software cannot be stolen. Compared with the traditional mode, the security of the whole process and system is improved without increasing cost.
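The integrity step of the HAR object described in the two paragraphs above, as an added example that is not code from the patent: it compares a plain SHA-256 digest over the serialized bytes with an HMAC-SHA256 keyed by the per-client KEY, and parses the payload only after the tag verifies. JSON stands in for object serialization, the DES attribute encryption is left out, and every function name and sample value is an assumption constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values for illustration; none come from the patent.
CLIENT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # stand-in 128-bit per-client KEY
SAMPLE_HAR = {
    "serial_code": "DEMO-0000-0000-0001",  # authorization sequence code, plaintext
    "os_name": "Linux",
    "mac": "02:00:00:00:00:01",
    "disk_uuid": "00000000-0000-4000-8000-000000000001",
    "cpu_id": "CPU-DEMO-1",
}
TAG_LEN = 64  # hex length of a SHA-256 digest or an HMAC-SHA256 tag


def serialize(har: dict) -> bytes:
    """Canonical, data-only serialization: sorted keys, no whitespace."""
    return json.dumps(har, sort_keys=True, separators=(",", ":")).encode("utf-8")


def _split(blob: bytes):
    """Separate the serialized body from the trailing hex tag."""
    body, sep, tag = blob.rpartition(b".")
    if not sep or len(tag) != TAG_LEN:
        raise ValueError("malformed HAR blob")
    return body, tag


def seal_digest(har: dict) -> bytes:
    """Serialized bytes plus an unkeyed SHA-256 digest."""
    body = serialize(har)
    return body + b"." + hashlib.sha256(body).hexdigest().encode()


def open_digest(blob: bytes) -> dict:
    body, tag = _split(blob)
    if not hmac.compare_digest(tag, hashlib.sha256(body).hexdigest().encode()):
        raise ValueError("digest mismatch")
    return json.loads(body)


def seal_hmac(har: dict, key: bytes) -> bytes:
    """Serialized bytes plus HMAC-SHA256 keyed with the per-client KEY."""
    body = serialize(har)
    return body + b"." + hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def open_hmac(blob: bytes, key: bytes) -> dict:
    body, tag = _split(blob)
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("MAC mismatch")
    return json.loads(body)  # parsed only after the tag has verified


def rewrite_without_key(blob: bytes, field: str, value: str) -> bytes:
    """Model an in-transit change by a party that lacks CLIENT_KEY:
    edit one field and recompute the only tag it can, a plain digest."""
    body, _ = _split(blob)
    har = json.loads(body)
    har[field] = value
    return seal_digest(har)


def accepted(opener, blob: bytes, *args) -> bool:
    """True if the server-side check accepts the blob."""
    try:
        opener(blob, *args)
        return True
    except ValueError:
        return False


def compare_checks() -> dict:
    """Run both checks on an untouched blob and on a changed one."""
    changed_plain = rewrite_without_key(seal_digest(SAMPLE_HAR), "mac", "02:00:00:00:00:99")
    changed_keyed = rewrite_without_key(seal_hmac(SAMPLE_HAR, CLIENT_KEY), "mac", "02:00:00:00:00:99")
    return {
        "digest_accepts_original": accepted(open_digest, seal_digest(SAMPLE_HAR)),
        "digest_accepts_changed": accepted(open_digest, changed_plain),
        "hmac_accepts_original": accepted(open_hmac, seal_hmac(SAMPLE_HAR, CLIENT_KEY), CLIENT_KEY),
        "hmac_accepts_changed": accepted(open_hmac, changed_keyed, CLIENT_KEY),
    }


if __name__ == "__main__":
    for name, ok in compare_checks().items():
        print(f"{name}: {ok}")
```

The plain digest accepts the changed blob because anyone can recompute it over new bytes; only the keyed tag ties the serialized bytes to a holder of the client KEY.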
In this technical scheme, authorizing and generating the LIC produces the final authorization file. In practical application scenarios this step often calls other applications or services in the enterprise back end, such as the contract system, financial system or order system, to obtain the details of the business authorization.
In this technical scheme, the LIC is encrypted and serialized, and the encrypted information is transmitted to the authorization client using the same four-code integration scheme. The LIC is then verified/deserialized and decrypted; once verification passes and decryption is complete, the LIC is installed after the user confirms that the authorization information is correct. The installation method differs according to the deployment mode of step 212: the LIC can be deployed on the authorization client's local server as an independent service provider, or on the business program server.
In the above technical solution, the communication modes between the client 300, the server 302 and the business program 304 include: HTTP service, WebService, RMI, and/or AMF, as shown in Fig. 3.

Claims (3)

1. An online software encryption authorization system based on object serialization, comprising: a client and a server;
wherein the client includes:
a client adaptation unit (106) adapting a client interface;
an input unit (108) for a user to manually input a product authorization sequence code;
the HAR information reading unit (110) reads the unique UUID of the hard disk, the network card, the MAC and the CPU according to the OS;
an HAR lock object generation unit (112) that generates a memory object from the read hardware information;
the HAR lock encryption unit (114) is used for encrypting part of key attributes in the memory object by SHA2 and DES;
a code mixing unit (116) which mixes the DES bidirectional encryption KEY at the client, wherein the DES bidirectional encryption KEY has a one-to-one correspondence relationship with the installation client and is not repeated, and the KEY is managed by the server and generates a KEY with a 128-bit offset of 4, and the KEY is carried by the installation client;
a HAR lock object serialization unit (118) that serializes the HAR object;
a client manual importing/downloading unit (120) which can manually import the serialized HAR information on a machine with internet connection of a third party and download the authorized LIC under the condition that the client is not connected with the internet;
a manual loading unit (122) for manually loading the downloaded LIC into the client and verifying the loaded LIC;
the automatic transceiving unit (124) transmits the generated HAR serialized objects to the server side through the Internet and receives the LIC objects returned by the server;
an LIC object deserialization unit (126) which checks and deserializes and restores the received LIC object;
the LIC decryption unit (128) is used for performing DES decryption on key attributes in the deserialized LIC object;
the LIC authorization presentation unit (130) is used for presenting the acquired client software authorization information to a client;
an LIC authorization installation unit (132) for formally installing the LIC on the client server after the client confirms the authorization information;
the server side includes:
a server-side manual import/download unit (134) which is connected with the client-side manual import/download unit for HAR manual import and LIC download;
an automatic receiving unit (136) for receiving the HAR object transmitted online from the client-side automatic transmitting/receiving unit;
the authentication unit (138) is used for safety verification and identification of the request, the uniqueness of the client, the information consistency and the information integrity;
the HAR object deserializing unit (140) deserializes the HAR object which is manually imported by the client or is transmitted by the interface;
a checking unit (142) for checking the service validity;
an HAR lock decryption unit (144) that decrypts key attributes in the object, wherein the key comes from negotiation and distribution with the server before client installation;
the authorization and control unit (146) judges and controls the service authorization data and controls the authorization applying times of the same authorization sequence code;
a presentation unit (148) presents the obtained authorization data for user confirmation;
an LIC generation unit (150) for generating the LIC installed in the final client after the client confirms the authorization information;
a storage unit (152) for logging the detailed information of the activity and storing the LIC;
an encryption and serialization unit (154) which performs DES encryption on the LIC key attribute and serializes the object;
and an automatic sending unit (156) for calling back the callback interface received by the automatic receiving unit and sending the LIC to the client.
2. An online software encryption authorization method based on the system of claim 1, comprising the following steps:
(1) Installing a business program;
(2) Binding and distributing an authorized client KEY;
(3) Authorizing client installation;
(4) Acquiring software and hardware information of a commercial program installation server;
(5) Generating HAR information through an authorized sequence code;
(6) Encrypting through a client KEY and generating a serial number object;
(7) Checking/deserializing and decrypting the serial number object;
(8) Authorizing and generating the LIC;
(9) Encrypting and serializing the LIC;
(10) Checking/deserializing and decrypting the LIC;
(11) Authorizing installation.
3. The method of claim 2, wherein: the communication mode among the client, the server and the business program comprises the following steps: httpService, webService, RMI, and/or AMF.
CN202211093043.XA 2022-09-08 2022-09-08 Object serialization-based online software encryption authorization system and method Pending CN115529139A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211093043.XA CN115529139A (en) 2022-09-08 2022-09-08 Object serialization-based online software encryption authorization system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211093043.XA CN115529139A (en) 2022-09-08 2022-09-08 Object serialization-based online software encryption authorization system and method

Publications (1)

Publication Number Publication Date
CN115529139A true CN115529139A (en) 2022-12-27

Family

ID=84698003

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211093043.XA Pending CN115529139A (en) 2022-09-08 2022-09-08 Object serialization-based online software encryption authorization system and method

Country Status (1)

Country Link
CN (1) CN115529139A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100235640A1 (en) * 2009-03-16 2010-09-16 Jun Satoh Information processing apparatus, method of mutual authentication, mutual authentication program, and storage medium
CN102780699A (en) * 2012-07-09 2012-11-14 广州杰赛科技股份有限公司 Protecting method and protecting system for authentication server software copyright
CN104361267A (en) * 2014-11-19 2015-02-18 厦门海迈科技股份有限公司 Software authorization and protection device and method based on asymmetric cryptographic algorithm
CN108062461A (en) * 2017-11-23 2018-05-22 珠海格力电器股份有限公司 A kind of software authorization method, apparatus and system
CN113268715A (en) * 2020-02-14 2021-08-17 中移(苏州)软件技术有限公司 Software encryption method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230803

Address after: Room A01, Room 02 and Room 03, 22/F, Building 1, Yinjiu Science and Technology Industrial Park (Phase II), No. 35, Guanggu Avenue, Dongxihu District, Wuhan City, 430040, Hubei Province (Wuhan Area, Free Trade Zone)

Applicant after: Yushu (Wuhan) Digital Technology Co.,Ltd.

Applicant after: Cheng Jingqun

Address before: Room A01, Room 02 and Room 03, 22/F, Building 1, Yinjiu Science and Technology Industrial Park (Phase II), No. 35, Guanggu Avenue, Dongxihu District, Wuhan City, 430040, Hubei Province (Wuhan Area, Free Trade Zone)

Applicant before: Yushu (Wuhan) Digital Technology Co.,Ltd.

CI02 Correction of invention patent application

Correction item: transfer of patent application right

Correct: Yushu (Wuhan) Digital Technology Co.,Ltd.|Room A01, Room 02 and Room 03, 22\F, Building 1, Yinjiu Science and Technology Industrial Park (Phase II), No. 35, Guanggu Avenue, Dongxihu District, Wuhan City, 430040, Hubei Province (Wuhan Area, Free Trade Zone)

False: Yushu (Wuhan) Digital Technology Co.,Ltd.|Room A01, Room 02 and Room 03, 22\F, Building 1, Yinjiu Science and Technology Industrial Park (Phase II), No. 35, Guanggu Avenue, Dongxihu District, Wuhan City, 430040, Hubei Province (Wuhan Area, Free Trade Zone)|Cheng Jingqun

Number: 33-01

Volume: 39

TA01 Transfer of patent application right

Effective date of registration: 20231007

Address after: No. 51-21, Chengyue Huanhu Road, Xisaishan District, Huangshi City, Hubei Province, 435000

Applicant after: Cheng Jingqun

Address before: Room A01, Room 02 and Room 03, 22/F, Building 1, Yinjiu Science and Technology Industrial Park (Phase II), No. 35, Guanggu Avenue, Dongxihu District, Wuhan City, 430040, Hubei Province (Wuhan Area, Free Trade Zone)

Applicant before: Yushu (Wuhan) Digital Technology Co.,Ltd.