CN116010904A - Offline authorization method and system - Google Patents

Publication number: CN116010904A
Authority: CN (China)
Prior art keywords: time, license, key, des, judging
Legal status: Granted (active)
Application number: CN202211673063.4A
Other languages: Chinese (zh)
Other versions: CN116010904B (en)
Inventors: 王玅, 石伟, 谢莉蕊, 曹玉龙, 谢超男
Current Assignee: Beijing Aerospace Intelligent Technology Development Co ltd
Original Assignee: Beijing Aerospace Intelligent Technology Development Co ltd
Application filed by: Beijing Aerospace Intelligent Technology Development Co ltd
Priority to: CN202211673063.4A
Publications: CN116010904A (application), CN116010904B (granted)

Abstract

The invention relates to the field of authorization management and discloses an offline authorization method and system. For the provider, the authorization information can be used to protect assets, preventing the demander from privately using the asset elsewhere or for other purposes without the provider's knowledge. The method provides versatile operational possibilities: even while offline, software operation can still be controlled by an authorization mechanism. For the demander, only the functions and rights actually used are acquired, which simplifies operation of the software asset and frees the user from worrying about the influence of other, unused functions.

Description

Offline authorization method and system
Technical Field
The invention relates to the related field of authorization management, in particular to an offline authorization method and system.
Background
License authorization is the permission to use software. The use code specifies the rights held in the software once the code is obtained; functions, operation permissions and users can all be authorized. An authorization certificate is generated from the hardware information (MAC address, IP address, CPU serial number and main board serial number) of the client server, and an effective time and an expiration time can be set for the certificate. When a project is started, the validity of the authorization certificate is verified, that is, whether it is within the validity period and whether the hardware information matches; if the certificate is invalid, the project fails to start. In addition, License annotations may be added to some core interfaces, such as login interfaces; when such an interface is requested, the validity of the authorization credentials, such as whether they have expired, is verified, and if so, access to the interface is denied.
At present, use codes and use time can be handled when the party is networked, and common authorization obtains the system time for the authorization check. In edge computing, the edge layer, and with it the edge cloud, sits between the field layer and the cloud computing layer; in most cases the service computers of the edge cloud are not connected to the Internet, so the accuracy of the time cannot be ensured by a network time check, which makes License authorization difficult. When a License is deployed to an edge application or platform, if the personnel involved modify the time of the deployment device or copy the program to other machines, the software owner can suffer a great loss of benefit.
Disclosure of Invention
The present invention is directed to an offline authorization method and system, so as to solve the problems set forth in the background art.
In order to achieve the above purpose, the present invention provides the following technical solutions:
An offline authorization method, comprising the steps of:
when a startup program is initialized, acquiring the state information of the unavailable alarm and judging it; if the state information indicates no alarm, executing a BIOS judging program, wherein the state information may also indicate that an alarm is present;
executing the BIOS judging program, which comprises the steps of: reading the system BIOS time, judging the system BIOS time against the authorized time period range, and generating a time judgment result, wherein the time judgment result is either within the time period or outside the time period;
when the time judgment result is within the time period, acquiring a machine code and judging it against the authorization information; if the machine code is not completely consistent, setting the unavailable alarm state to alarm; if it is completely consistent, executing running guidance, wherein the running guidance is used for guiding the program to run;
and judging the state information of the unavailable alarm, and executing a suspension program when the state information indicates an alarm, wherein the suspension program suspends the startup of the program and puts the program in an unavailable state.
As a further aspect of the invention, the method also comprises the steps of:
when the time judgment result is outside the time period, performing a starting time judgment: if the BIOS time is later than the starting time, setting the unavailable alarm state to alarm;
when the BIOS time is earlier than the starting time, acquiring the corresponding use time and performing an auxiliary judgment: if the use time is not zero, setting the unavailable alarm state to alarm; if the use time is zero, setting the unavailable alarm state to no alarm.
As a still further aspect of the invention, the method also comprises the step of:
acquiring a CPU serial number, a hard disk serial number and a main board serial number, scrambling them according to a preset splicing rule, splicing them together, and encrypting the result with a preset encryption algorithm to generate the machine code.
As a still further aspect of the invention, the method further comprises the steps of authorization code encryption:
confirming the License content, wherein the License content comprises a machine code, an expiration time, the number of users and functional rights;
DES encryption: generating a DES key using the machine code as a key seed, and DES-encrypting the License content item by item with the DES key to generate DES encryption items;
RSA encryption: generating an RSA key pair comprising an RSA public key and an RSA private key, and RSA-encrypting the DES key with the RSA private key to generate a DES encryption key;
License packaging and encoding: assembling the DES encryption items, the DES encryption key and the RSA public key to generate the License, and encoding the License with the Base64 encoding rule to generate the License authorization code.
As a still further aspect of the invention, the method further comprises the steps of authorization code decryption:
Base64 decoding: decoding the License authorization code with the Base64 encoding rule to obtain each content item of the License;
RSA decryption: decrypting the DES encryption key with the RSA public key to obtain the DES key; if decryption fails, the License is characterized as invalid;
DES decryption: decrypting the DES encryption items with the DES key to obtain the License content; if decryption fails, the License is characterized as invalid;
machine code verification: obtaining the local machine code and comparing it with the machine code in the License; if they are inconsistent, the License is characterized as invalid;
time verification: acquiring the local time and comparing it with the expiration time in the License; if the local time exceeds the expiration time, the License is characterized as expired;
and verifying the functional rights and the number of users.
An embodiment of the present invention is directed to an offline authorization system, including:
the alarm judging module, used for acquiring the state information of the unavailable alarm when a startup program is initialized and judging it, and for executing a BIOS judging program if the state information indicates no alarm, wherein the state information may also indicate that an alarm is present;
the authorization judging module, used for executing the BIOS judging program, which comprises the steps of: reading the system BIOS time, judging the system BIOS time against the authorized time period range, and generating a time judgment result, wherein the time judgment result is either within the time period or outside the time period;
the hardware verification module, used for acquiring a machine code when the time judgment result is within the time period and judging it against the authorization information, setting the unavailable alarm state to alarm if the machine code does not completely match, and executing running guidance if it completely matches, wherein the running guidance is used for guiding the program to run;
and the suspension execution module, used for judging the state information of the unavailable alarm and executing a suspension program when the state information indicates an alarm, wherein the suspension program suspends the startup of the program and puts the program in an unavailable state.
As a further aspect of the invention, the authorization judging module further includes:
the exceeding judging unit, used for performing a starting time judgment when the time judgment result is outside the time period, and setting the unavailable alarm state to alarm if the BIOS time is later than the starting time;
and the auxiliary judging unit, used for acquiring the corresponding use time and performing an auxiliary judgment when the BIOS time is earlier than the starting time, setting the unavailable alarm state to alarm if the use time is not zero, and setting it to no alarm if the use time is zero.
As a still further aspect of the invention, the system further comprises a machine code generation module;
the machine code generation module is used for acquiring the CPU serial number, the hard disk serial number and the main board serial number, scrambling them according to a preset splicing rule, splicing them together, and encrypting the result with a preset encryption algorithm to generate the machine code.
As a still further aspect of the invention, the system also comprises an authorization code encryption module, used for executing the steps of authorization code encryption, which comprise:
confirming the License content, wherein the License content comprises a machine code, an expiration time, the number of users and functional rights;
DES encryption: generating a DES key using the machine code as a key seed, and DES-encrypting the License content item by item with the DES key to generate DES encryption items;
RSA encryption: generating an RSA key pair comprising an RSA public key and an RSA private key, and RSA-encrypting the DES key with the RSA private key to generate a DES encryption key;
License packaging and encoding: assembling the DES encryption items, the DES encryption key and the RSA public key to generate the License, and encoding the License with the Base64 encoding rule to generate the License authorization code.
As a still further aspect of the invention, the system also comprises an authorization code decryption module, used for executing the steps of authorization code decryption, which comprise:
Base64 decoding: decoding the License authorization code with the Base64 encoding rule to obtain each content item of the License;
RSA decryption: decrypting the DES encryption key with the RSA public key to obtain the DES key; if decryption fails, the License is characterized as invalid;
DES decryption: decrypting the DES encryption items with the DES key to obtain the License content; if decryption fails, the License is characterized as invalid;
machine code verification: obtaining the local machine code and comparing it with the machine code in the License; if they are inconsistent, the License is characterized as invalid;
time verification: acquiring the local time and comparing it with the expiration time in the License; if the local time exceeds the expiration time, the License is characterized as expired;
and verifying the functional rights and the number of users.
Compared with the prior art, the invention has the following beneficial effects. For the supplier, the authorization information can be used for asset protection, preventing the demander from privately using the asset elsewhere or for other purposes without the supplier's knowledge. The method provides versatile operational possibilities: even while offline, software operation can still be controlled by an authorization mechanism. For the demander, only the functions and rights actually used are acquired, which simplifies operation of the software asset and frees the user from worrying about the influence of other, unused functions.
Drawings
Fig. 1 is a flow chart diagram of an offline authorization method.
Fig. 2 is a block diagram illustrating steps of encrypting an authorization code in an offline authorization method.
Fig. 3 is a block diagram of an offline authorization system.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Specific implementations of the invention are described in detail below in connection with specific embodiments.
As shown in fig. 1, an offline authorization method according to an embodiment of the present invention includes the following steps:
S10, when a startup program is initialized, acquiring the state information of the unavailable alarm and judging it; if the state information indicates no alarm, executing a BIOS judging program, wherein the state information may also indicate that an alarm is present.
S20, executing the BIOS judging program, which comprises the steps of: reading the system BIOS time, judging the system BIOS time against the authorized time period range, and generating a time judgment result, wherein the time judgment result is either within the time period or outside the time period.
S30, when the time judgment result is within the time period, acquiring a machine code and judging it against the authorization information; if the machine code does not completely match, setting the unavailable alarm state to alarm; if it completely matches, executing running guidance, wherein the running guidance is used for guiding the program to run.
S40, judging the state information of the unavailable alarm, and executing a suspension program when the state information indicates an alarm, wherein the suspension program suspends the startup of the program and puts the program in an unavailable state.
Further, the method further comprises the steps of:
When the time judgment result is outside the time period, performing a starting time judgment: if the BIOS time is later than the starting time, setting the unavailable alarm state to alarm.
When the BIOS time is earlier than the starting time, acquiring the corresponding use time and performing an auxiliary judgment: if the use time is not zero, setting the unavailable alarm state to alarm; if the use time is zero, setting the unavailable alarm state to no alarm.
Meanwhile, the method also comprises the step of:
Acquiring a CPU serial number, a hard disk serial number and a main board serial number, scrambling them according to a preset splicing rule, splicing them together, and encrypting the result with a preset encryption algorithm to generate the machine code.
In this embodiment, the key point is to provide an authorization method that works offline, which prevents software assets from being copied or used beyond the authorized period, and also prevents the software from being copied or mirrored for other uses. Specifically, the authorized time can be pinned down from multiple angles. For offline authorization, the activation code contains some basic authorization information, such as the License issue time, the License expiration date, client information, the computer motherboard number, the CPU number, etc., and these are used, according to actual needs, to pin down the authorized computer, the user and the use time. When shipping, the authorized use time period range, the authorized number of use days of the device and the specific time from which use is authorized are written into the system; at this point the use time of the device should be 0 days. The device can only be used within the use time period range, and the use time can be accumulated, so that multi-angle authorized time positioning can be performed, including the BIOS time, the use time, the authorized time period range, the activation time, the unavailable alarm and the like. The method provides versatile operational possibilities: even while offline, software operation can still be controlled by an authorization mechanism. For the demander, only the functions and rights actually used are acquired, which simplifies operation of the software asset and frees the user from worrying about the influence of other, unused functions.
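The startup decision of steps S10 to S40 together with the out-of-period rules and the machine code derivation, as an added Python example that is not code from the patent. The splicing rule (reverse each serial, join board, CPU and disk with `|`), SHA-256 standing in for the unspecified "preset encryption algorithm", the `NOT_YET_VALID` outcome for the pre-start case with zero use time, and all names and sample values are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime
from enum import Enum


class Outcome(Enum):
    RUN = "run"                      # running guidance executed
    SUSPEND = "suspend"              # suspension program: startup halted
    NOT_YET_VALID = "not_yet_valid"  # assumed name: before start, no alarm recorded


@dataclass
class AuthState:
    """Values written into the system at shipping time, plus runtime state."""
    period_start: datetime      # authorized time period range, lower bound
    period_end: datetime        # authorized time period range, upper bound
    start_time: datetime        # specific time from which use is allowed
    licensed_machine_code: str  # machine code held in the authorization info
    use_time_days: int = 0      # accumulated use time, 0 days when shipped
    alarm: bool = False         # persisted "unavailable alarm" state


def machine_code(cpu_sn: str, disk_sn: str, board_sn: str) -> str:
    """Scramble, splice and digest the three serial numbers.

    Assumption: the patent names neither the splicing rule nor the algorithm.
    Here each serial is reversed, the parts are joined board|cpu|disk, and
    SHA-256 (a one-way hash, not encryption) stands in for the final step.
    """
    spliced = "|".join(part[::-1] for part in (board_sn, cpu_sn, disk_sn))
    return hashlib.sha256(spliced.encode("utf-8")).hexdigest().upper()


def startup_check(state: AuthState, bios_time: datetime, local_code: str) -> Outcome:
    """Apply S10-S40; mutates state.alarm so an alarm survives later starts."""
    in_period = False
    if not state.alarm:  # S10: the BIOS judgment runs only when no alarm is recorded
        in_period = state.period_start <= bios_time <= state.period_end  # S20
        if in_period:
            # S30: the machine code must match completely (constant-time compare)
            same = hmac.compare_digest(
                local_code.encode("utf-8"),
                state.licensed_machine_code.encode("utf-8"),
            )
            state.alarm = not same
        elif bios_time >= state.start_time:
            # Outside the period and not earlier than the starting time: alarm.
            # Equality is treated as "later", an assumption that fails closed.
            state.alarm = True
        else:
            # Earlier than the starting time: the patent raises the alarm when
            # the recorded use time is non-zero and leaves it clear when zero.
            state.alarm = state.use_time_days != 0
    if state.alarm:  # S40
        return Outcome.SUSPEND
    return Outcome.RUN if in_period else Outcome.NOT_YET_VALID


def new_state(code: str, used_days: int = 0) -> AuthState:
    """Constructed sample authorization: valid for calendar year 2024."""
    return AuthState(datetime(2024, 1, 1), datetime(2024, 12, 31),
                     datetime(2024, 1, 1), code, used_days)


if __name__ == "__main__":
    licensed = machine_code("CPU-0001", "DISK-0001", "BOARD-0001")  # constructed
    copied = machine_code("CPU-0001", "DISK-9999", "BOARD-0001")    # other disk
    cases = [
        ("in period, licensed host", new_state(licensed), datetime(2024, 6, 1), licensed),
        ("in period, copied host", new_state(licensed), datetime(2024, 6, 1), copied),
        ("clock before start, 40 days used", new_state(licensed, 40), datetime(2023, 6, 1), licensed),
        ("clock before start, unused", new_state(licensed), datetime(2023, 6, 1), licensed),
        ("after period end", new_state(licensed), datetime(2025, 2, 1), licensed),
    ]
    for label, state, bios_time, code in cases:
        print(f"{label}: {startup_check(state, bios_time, code).value}")
```

Because the alarm is stored in the state, a host that once failed the check stays suspended on later starts even if the clock or hardware is put back.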
As shown in fig. 2, as another preferred embodiment of the present invention, the method further includes the steps of authorization code encryption:
S51, confirming the License content, wherein the License content comprises a machine code, an expiration time, the number of users and functional rights.
S52, DES encryption: generating a DES key using the machine code as a key seed, and DES-encrypting the License content item by item with the DES key to generate DES encryption items.
S53, RSA encryption: generating an RSA key pair comprising an RSA public key and an RSA private key, and RSA-encrypting the DES key with the RSA private key to generate a DES encryption key.
S54, License packaging and encoding: assembling the DES encryption items, the DES encryption key and the RSA public key to generate the License, and encoding the License with the Base64 encoding rule to generate the License authorization code.
As another preferred embodiment of the present invention, the method further comprises the steps of authorization code decryption:
Base64 decoding: decoding the License authorization code with the Base64 encoding rule to obtain each content item of the License.
RSA decryption: decrypting the DES encryption key with the RSA public key to obtain the DES key; if decryption fails, the License is characterized as invalid.
DES decryption: decrypting the DES encryption items with the DES key to obtain the License content; if decryption fails, the License is characterized as invalid.
Machine code verification: acquiring the local machine code and comparing it with the machine code in the License; if they are inconsistent, the License is characterized as invalid.
Time verification: acquiring the local time and comparing it with the expiration time in the License; if the local time exceeds the expiration time, the License is characterized as expired.
Verifying the functional rights and the number of users.
As shown in fig. 3, the present invention further provides an offline authorization system, which includes:
The alarm judging module 100, configured to acquire the state information of the unavailable alarm when a startup program is initialized and judge it, and to execute a BIOS judging program if the state information indicates no alarm, where the state information may also indicate that an alarm is present.
The authorization judging module 200, configured to execute the BIOS judging program, which includes the steps of: reading the system BIOS time, judging the system BIOS time against the authorized time period range, and generating a time judgment result, where the time judgment result is either within the time period or outside the time period.
The hardware verification module 300, configured to acquire a machine code when the time judgment result is within the time period and judge it against the authorization information, to set the unavailable alarm state to alarm if the machine code does not completely match, and to execute running guidance if it completely matches, where the running guidance is used for guiding the program to run.
The suspension execution module 400, configured to judge the state information of the unavailable alarm and to execute a suspension program when the state information indicates an alarm, where the suspension program suspends the startup of the program and puts the program in an unavailable state.
As another preferred embodiment of the present invention, the authorization judging module 200 further includes:
The exceeding judging unit, used for performing a starting time judgment when the time judgment result is outside the time period, and setting the unavailable alarm state to alarm if the BIOS time is later than the starting time.
The auxiliary judging unit, used for acquiring the corresponding use time and performing an auxiliary judgment when the BIOS time is earlier than the starting time, setting the unavailable alarm state to alarm if the use time is not zero, and setting it to no alarm if the use time is zero.
As another preferred embodiment of the present invention, the system further includes a machine code generation module;
the machine code generation module is used for acquiring the CPU serial number, the hard disk serial number and the main board serial number, scrambling them according to a preset splicing rule, splicing them together, and encrypting the result with a preset encryption algorithm to generate the machine code.
As another preferred embodiment of the present invention, the system further includes an authorization code encryption module for performing the steps of authorization code encryption, including:
Confirming the License content, wherein the License content comprises a machine code, an expiration time, the number of users and functional rights.
DES encryption: generating a DES key using the machine code as a key seed, and DES-encrypting the License content item by item with the DES key to generate DES encryption items.
RSA encryption: generating an RSA key pair comprising an RSA public key and an RSA private key, and RSA-encrypting the DES key with the RSA private key to generate a DES encryption key.
License packaging and encoding: assembling the DES encryption items, the DES encryption key and the RSA public key to generate the License, and encoding the License with the Base64 encoding rule to generate the License authorization code.
As another preferred embodiment of the present invention, the system further comprises an authorization code decryption module for performing the steps of authorization code decryption, including:
Base64 decoding: decoding the License authorization code with the Base64 encoding rule to obtain each content item of the License.
RSA decryption: decrypting the DES encryption key with the RSA public key to obtain the DES key; if decryption fails, the License is characterized as invalid.
DES decryption: decrypting the DES encryption items with the DES key to obtain the License content; if decryption fails, the License is characterized as invalid.
Machine code verification: acquiring the local machine code and comparing it with the machine code in the License; if they are inconsistent, the License is characterized as invalid.
Time verification: acquiring the local time and comparing it with the expiration time in the License; if the local time exceeds the expiration time, the License is characterized as expired.
Verifying the functional rights and the number of users.
Those skilled in the art will appreciate that all or part of the processes in the methods of the above embodiments may be implemented by a computer program instructing the relevant hardware. The program may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the method embodiments described above. Any reference to memory, storage, database, or other medium used in the various embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
Other embodiments of the present disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure. This application is intended to cover any adaptations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. An offline authorization method, comprising the steps of:
when a starting program is initialized, acquiring state information of unavailable alarms, judging the state information, and executing a BIOS judging program if the state information is characterized as no alarms, wherein the state information also comprises a state characterized as alarms;
executing the BIOS determination program, the BIOS determination program comprising the steps of: reading system BIOS time, judging the system BIOS time based on an authorized time period range, and generating a time judgment result, wherein the time judgment result comprises a time period and a time period;
when the time judging result is within the time period, acquiring a machine code, judging the machine code based on authorization information, if the machine code is not completely consistent, giving an unavailable alarm state as an alarm, and if the machine code is completely consistent, executing running guidance, wherein the running guidance is used for guiding a program to run;
and judging the state information of the unavailable alarm, and executing a suspension program when the state information is characterized as the alarm, wherein the suspension program is used for suspending the starting of the program and enabling the program to be in an unavailable state.
2. An offline authorization method according to claim 1, further comprising the steps of:
when the time judging result is out of the time period, starting time judgment is carried out, and if the BIOS time is later than the starting time, the state of the unavailable alarm is given as the alarm;
when the BIOS time is earlier than the starting time, acquiring corresponding use time and carrying out auxiliary judgment, if the use time is not zero, giving the unavailable alarm state as an alarm, and if the use time is zero, giving the unavailable alarm state as no alarm.
3. An offline authorization method according to claim 2, further comprising the steps of:
and acquiring a CPU serial number, a hard disk serial number and a main board serial number, scrambling the CPU serial number, the hard disk serial number and the main board serial number through a preset splicing rule, splicing, and encrypting through a preset encryption algorithm to generate a machine code.
4. An offline authorization method according to claim 1, further comprising the step of authorization code encryption:
confirming License content, wherein the License content comprises a machine code, expiration time, the number of users and functional rights;
DES encryption, namely generating a DES key using the machine code as a key seed, and performing item-by-item DES encryption on the License content with the DES key to generate DES encryption items;
RSA encryption, namely generating an RSA key pair comprising an RSA public key and an RSA private key, and performing RSA encryption on the DES key with the RSA private key to generate a DES encryption key;
License packaging and encoding, namely assembling the DES encryption items, the DES encryption key and the RSA public key to generate the License, and encoding the License through the Base64 encoding rule to generate a License authorization code.
5. An offline authorization method according to claim 4, further comprising the step of decrypting the authorization code:
Base64 decoding, namely decoding the License authorization code through the Base64 encoding rule to obtain each content item of the License;
RSA decryption, namely decrypting the DES encryption key with the RSA public key to obtain the DES key, and if the decryption fails, characterizing the License as invalid;
DES decryption, namely decrypting the DES encryption items with the DES key to obtain the License content, and if the decryption fails, characterizing the License as invalid;
verifying machine codes, namely obtaining local machine codes, comparing and verifying the local machine codes with the machine codes in the License, judging whether the local machine codes are consistent with the machine codes, and if the local machine codes are inconsistent with the machine codes, characterizing that the License is invalid;
time verification, namely acquiring the local time and comparing the local time with the expiration time in the License, and if the local time exceeds the expiration time, characterizing that the License has expired;
and verifying the function authority and the user number.
6. An offline authorization system, comprising:
the alarm judging module is used for acquiring state information of unavailable alarms when a starting program is initialized, judging the state information, and executing a BIOS judging program if the state information is characterized as no alarms, wherein the state information also comprises a state characterized as alarms;
the authorization judging module is used for executing the BIOS judging program, and the BIOS judging program comprises the following steps: reading the system BIOS time, judging the system BIOS time against the authorized time period range, and generating a time judgment result, wherein the time judgment result is either within the time period or outside the time period;
the hardware verification module is used for acquiring a machine code when the time judgment result is within the time period, judging the machine code based on authorization information, setting the unavailable alarm state to alarm if the machine code is not completely matched, and executing running guidance if the machine code is completely matched, wherein the running guidance is used for guiding the program to run;
and the suspension execution module is used for judging the state information of the unavailable alarm, and executing a suspension program when the state information is characterized as the alarm, wherein the suspension program is used for suspending the starting of the program and enabling the program to be in an unavailable state.
7. The offline authorization system according to claim 6, wherein the authorization determination module further comprises:
the exceeding judging unit is used for performing a starting time judgment when the time judgment result is outside the time period, and setting the unavailable alarm state to alarm if the BIOS time is later than the starting time;
and the auxiliary judging unit is used for acquiring the corresponding use time and carrying out an auxiliary judgment when the BIOS time is earlier than the starting time, setting the unavailable alarm state to alarm if the use time is not zero, and setting it to no alarm if the use time is zero.
8. An offline authorization system according to claim 7, further comprising a machine code generation module;
the machine code generation module is used for acquiring the CPU serial number, the hard disk serial number and the main board serial number, scrambling them through a preset splicing rule, splicing them, and encrypting the result through a preset encryption algorithm to generate the machine code.
9. The offline authorization system according to claim 6, further comprising an authorization code encryption module for performing the authorization code encryption step, comprising:
confirming License content, wherein the License content comprises a machine code, expiration time, the number of users and functional rights;
DES encryption, namely generating a DES key using the machine code as a key seed, and performing item-by-item DES encryption on the License content with the DES key to generate DES encryption items;
RSA encryption, namely generating an RSA key pair comprising an RSA public key and an RSA private key, and performing RSA encryption on the DES key with the RSA private key to generate a DES encryption key;
License packaging and encoding, namely assembling the DES encryption items, the DES encryption key and the RSA public key to generate the License, and encoding the License through the Base64 encoding rule to generate a License authorization code.
10. The offline authorization system according to claim 9, further comprising an authorization code decryption module for performing the authorization code decryption step, comprising:
Base64 decoding, namely decoding the License authorization code through the Base64 encoding rule to obtain each content item of the License;
RSA decryption, namely decrypting the DES encryption key with the RSA public key to obtain the DES key, and if the decryption fails, characterizing the License as invalid;
DES decryption, namely decrypting the DES encryption items with the DES key to obtain the License content, and if the decryption fails, characterizing the License as invalid;
verifying machine codes, namely obtaining local machine codes, comparing and verifying the local machine codes with the machine codes in the License, judging whether the local machine codes are consistent with the machine codes, and if the local machine codes are inconsistent with the machine codes, characterizing that the License is invalid;
time verification, namely acquiring the local time and comparing the local time with the expiration time in the License, and if the local time exceeds the expiration time, characterizing that the License has expired;
and verifying the function authority and the user number.
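The startup decision of claims 1 and 2 (mirrored by the modules of claims 6 and 7), written out as an added Python example that is not part of the patent text. The names `State`, `Authorization` and `startup_check`, the inclusive period bounds and the separate "pending" result for the not-yet-started branch are assumptions; all dates and machine codes are constructed sample values.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime

@dataclass
class State:
    """Values kept between launches; where they are stored is an assumption."""
    alarm: bool = False      # the claims' "unavailable alarm" state
    use_seconds: int = 0     # accumulated use time

@dataclass(frozen=True)
class Authorization:
    start: datetime          # authorized time period (bounds assumed inclusive)
    end: datetime
    machine_code: str

def startup_check(state, auth, bios_time, local_code):
    """Return 'run', 'suspend' or 'pending' and latch state.alarm (claims 1-2)."""
    if state.alarm:                               # latched alarm: suspend immediately
        return "suspend"
    if auth.start <= bios_time <= auth.end:       # within the time period
        same = hmac.compare_digest(local_code.encode(), auth.machine_code.encode())
        state.alarm = not same                    # must be completely consistent
        return "run" if same else "suspend"
    if bios_time > auth.start:                    # outside and later than start: expired
        state.alarm = True
    elif state.use_seconds != 0:                  # earlier than start but already used:
        state.alarm = True                        # the clock was set back
    else:
        return "pending"   # assumption: the claims set "no alarm" and stop here
    return "suspend"

def demo():
    """Constructed scenarios; dates and machine codes are made-up sample values."""
    auth = Authorization(datetime(2023, 1, 1), datetime(2023, 12, 31), "MC-SAMPLE-0001")
    inside, after, before = datetime(2023, 6, 1), datetime(2024, 2, 1), datetime(2022, 11, 1)
    out = {}
    out["valid"] = startup_check(State(), auth, inside, "MC-SAMPLE-0001")
    s = State()
    out["wrong_machine"] = startup_check(s, auth, inside, "MC-OTHER-9999")
    out["latched"] = startup_check(s, auth, inside, "MC-SAMPLE-0001")
    out["expired"] = startup_check(State(), auth, after, "MC-SAMPLE-0001")
    out["rolled_back"] = startup_check(State(use_seconds=3600), auth, before, "MC-SAMPLE-0001")
    out["not_started"] = startup_check(State(), auth, before, "MC-SAMPLE-0001")
    return out

if __name__ == "__main__":
    print(demo())
```

The "latched" case shows why the alarm state is read before anything else: once set, a later launch with a correct clock and machine code is still suspended. How the alarm flag and use-time counter are protected between launches is outside this example.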
CN202211673063.4A 2022-12-26 2022-12-26 Offline authorization method and system Active CN116010904B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211673063.4A CN116010904B (en) 2022-12-26 2022-12-26 Offline authorization method and system

Publications (2)

Publication Number Publication Date
CN116010904A (en) 2023-04-25
CN116010904B (en) 2023-09-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant