CN116192373A - Service license processing method and device - Google Patents

Info

Publication number: CN116192373A
Authority: CN (China)
Prior art keywords: machine code, client, license, server, service
Legal status: Pending
Application number: CN202310072584.2A
Other languages: Chinese (zh)
Inventors: 张桥, 闫岗岗
Current Assignee: Lianyi Software Co ltd
Original Assignee: Lianyi Software Co ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/32 Cryptographic mechanisms or arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Verification using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H04L9/3263 Verification involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The invention discloses a service license processing method and device. The method comprises the following steps: the client generates a machine code for service permission according to the Z cryptographic algorithm; the client sends the machine code to the server; the client receives a license certificate corresponding to the machine code sent by the server. By the method and the device, the security of issuing the service license is improved.

Description

Service license processing method and device
Technical Field
The invention relates to the field of Internet, in particular to an authentication method and device.
Background
With the gradual popularization and rapid development of the Internet, application software has become a core tool of daily work. Across the wide array of software products on offer, the idea of software protection is increasingly valued by software publishers, and the comprehensive implementation of software protection benefits the healthy development of the software industry and the promotion of informatization.
At present, a commonly used method for protecting software is a license binding method, wherein license and terminal information are bound when software is manufactured, and license information is acquired through a license analysis module when the software is started to carry out matching verification.
The core mechanism of the service license is verification of the machine code, and the validity and the security of the service license file can be guaranteed only by guaranteeing that each device has a unique machine code. In the prior art, in order to prevent unauthorized users from using their own software systems, software system providers typically perform software authorization by entering machine codes, importing license files, or registering online to protect the use of knowledge assets.
The related technology mainly generates a machine code by combining the device's IP address, MAC address, motherboard serial number and CPU serial number and then encrypting the result. This method is convenient and easy to use, but the whole security mechanism rests on the premise that device information cannot be modified, so it is not suitable for scenarios with higher security requirements. Secondly, the license analysis module is developed in Java; Java files are easy to decompile, and a thief can easily obtain license file information by decompiling them, so the license file cannot be effectively protected.
In the related art, the security of the certificate used for service licensing is relatively poor.
Disclosure of Invention
The invention provides a service license processing method and device, which are used for solving the problem of relatively poor service license security in the related technology.
According to an aspect of the present invention, there is provided a method of processing a service license, including: the client generates a machine code for service permission according to the Z cryptographic algorithm; the client sends the machine code to a server; the client receives a license certificate corresponding to the machine code sent by the server.
Preferably, before the client generates the machine code for service license according to the Z-password algorithm, the method further comprises: and the client acquires a software development kit SDK of the Z-password algorithm.
Preferably, the client generates a device fingerprint through the software development kit (SDK) of the Z-password algorithm and binds the device fingerprint.
According to another aspect of the present invention, there is provided a method for processing a service license, comprising: the method comprises the steps that a server receives a machine code sent by a client, wherein the machine code is a machine code of user service permission generated by the client according to a Z-password algorithm; the server generates a license certificate of a client corresponding to the machine code according to the machine code; the server sends the license certificate to the client.
Preferably, the server generates, according to the machine code, a license certificate of a client corresponding to the machine code, including: the server registers and binds the machine code on a license management end of the server.
According to another aspect of the present invention, there is provided a service license processing apparatus including: the first generation module is used for generating a machine code for service permission according to the Z-password algorithm; the first sending module is used for sending the machine code to a server; and the first receiving module is used for receiving the license certificate corresponding to the machine code, which is issued by the server.
Preferably, the apparatus further comprises: and the acquisition module is used for acquiring the software development kit SDK of the Z cryptographic algorithm.
According to another aspect of the present invention, there is provided a service license processing apparatus including: the second sending module is used for receiving a machine code sent by the client, wherein the machine code is a machine code of user service permission generated by the client according to a Z-password algorithm; a second generation module, configured to generate, according to the machine code, a license certificate of a client corresponding to the machine code; and the third sending module is used for sending the license certificate to the client.
Preferably, the second generating module includes: and the processing module is used for registering and binding the machine code at the license certificate management end of the server.
According to still another aspect of the present invention, there is provided a server including: a memory and a processor, said memory having stored therein a computer program which, when executed by said processor, performs the steps of the method of service licensing as described above.
According to still another aspect of the present invention, there is provided a client, including: a memory and a processor, said memory having stored therein a computer program which, when executed by said processor, performs the steps of the method of service licensing as described above.
According to the invention, by integrating the Z algorithm soft password SDK, a device fingerprint is generated and bound for the terminal, a security plug-in is issued for each terminal, and the terminal generates the machine code through the algorithm provided by the security plug-in, so that service permission based on the Z cryptographic algorithm is realized and the security of the service permission is improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention and together with the description serve to explain the invention and do not constitute a limitation on the invention. In the drawings:
FIG. 1 is a first flowchart of a service licensing method according to an embodiment of the present invention;
FIG. 2 is a second flowchart of a service licensing method according to an embodiment of the present invention;
FIG. 3 is a first block diagram of a service licensing apparatus according to an embodiment of the present invention;
FIG. 4 is a second block diagram of the service licensing apparatus according to an embodiment of the present invention;
FIG. 5 is a logical schematic of a service licensing operation mechanism according to an embodiment of the present invention.
Detailed Description
It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other. The invention will be described in detail below with reference to the drawings in connection with embodiments.
The present embodiment provides a service license processing method, and fig. 1 is a first flowchart of a VPN authentication method according to an embodiment of the present invention, as shown in fig. 1, and the method includes the following steps S102 to S106.
Step S102, the client generates a machine code for service permission according to a Z-password algorithm;
Step S104, the client sends the machine code to the server;
Step S106, the client receives the license corresponding to the machine code sent by the server.
According to the embodiment and the preferred implementation mode thereof, the device fingerprint is generated and bound for the terminal through the integrated Z-algorithm soft password SDK, the security plug-in is issued for each terminal, and the terminal generates the machine code through the algorithm provided by the security plug-in, so that the service permission based on the Z-algorithm is realized. The security of service permissions is improved.
Preferably, before step S102, further includes: the client acquires a software development kit SDK of the Z-password algorithm.
Preferably, the client generates the device fingerprint through the software development kit (SDK) of the Z-password algorithm and binds it. With the preferred embodiment, VPN network authentication security is improved.
The present embodiment provides a method for processing service permissions, and fig. 2 is a second flowchart of a method for processing service permissions according to an embodiment of the present invention, as shown in fig. 2, and the method includes the following steps S202 to S208.
Step S202, the server receives the machine code sent by the client, where the machine code is a machine code of the user service license generated by the client according to the Z-password algorithm;
Step S204, the server generates a license certificate of the client corresponding to the machine code according to the machine code;
Step S206, the server sends the license certificate to the client.
According to the embodiment and the preferred implementation mode thereof, the device fingerprint is generated and bound for the terminal through the integrated Z-algorithm soft password SDK, the security plug-in is issued for each terminal, and the terminal generates the machine code through the algorithm provided by the security plug-in, so that the service permission based on the Z-algorithm is realized. The security of service permissions is improved.
The embodiment improves a service licensing method, which comprises the following steps:
Step 1: the application service integration SDK is initialized and security checked.
Step 2: after the security check is started, the application service calls the SDK interface to bind the equipment and download the security plug-in.
Step 3: the application service calls an interface for acquiring the machine code to generate a terminal identification.
Step 4: the user registers and binds the machine code at the license management end, and the license file is acquired.
Step 5: the user imports the acquired license certificate into the application service.
Step 6: after the authentication of the application service is completed, the subsequent business operation is entered.
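The six steps above, as an added sketch that is not code from the patent or its applicant: HMAC-SHA256 under a per-terminal key stands in for the Z algorithm, which is not reproduced, and `SecurityPlugin`, `LicenseManager` and the sample attributes are hypothetical. It goes slightly beyond the steps by also computing the attribute-only machine code of the related art for contrast, and it assumes the license management end performs the final check.

```python
import hashlib
import hmac
import json
import secrets


def device_fingerprint(attrs: dict) -> bytes:
    """Canonical hash of the device attributes (IP, MAC, serial numbers)."""
    canon = json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).digest()


def legacy_machine_code(attrs: dict) -> str:
    """Related-art style: the code depends on device attributes only."""
    return device_fingerprint(attrs).hex()


class SecurityPlugin:
    """Hypothetical stand-in for the per-terminal security plug-in (step 2).

    Assumption: HMAC-SHA256 under a per-terminal key models the idea that
    every terminal computes its machine code with its own keyed algorithm.
    """

    def __init__(self, terminal_key: bytes):
        self._key = terminal_key

    def machine_code(self, attrs: dict) -> str:
        """Step 3: derive the terminal identification."""
        msg = b"machine-code|" + device_fingerprint(attrs)
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()


class LicenseManager:
    """Hypothetical license management end (steps 4 and 6)."""

    def __init__(self):
        self._issuer_key = secrets.token_bytes(32)
        self._bound = {}  # machine code -> customer

    def _tag(self, body: dict) -> str:
        canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._issuer_key, canon, hashlib.sha256).hexdigest()

    def register(self, machine_code: str, customer: str) -> dict:
        """Step 4: bind the machine code and issue a license for it."""
        if self._bound.setdefault(machine_code, customer) != customer:
            raise ValueError("machine code already bound to another customer")
        body = {"customer": customer, "machine_code": machine_code}
        return {**body, "tag": self._tag(body)}

    def verify(self, lic: dict, presented_code: str) -> bool:
        """Step 6: accept only an untampered license from its bound terminal."""
        try:
            body = {"customer": lic["customer"],
                    "machine_code": lic["machine_code"]}
            tag_ok = hmac.compare_digest(self._tag(body).encode(),
                                         lic["tag"].encode())
            code_ok = hmac.compare_digest(lic["machine_code"].encode(),
                                          presented_code.encode())
        except (KeyError, TypeError, AttributeError):
            return False  # malformed license or machine code
        return tag_ok and code_ok and lic["machine_code"] in self._bound


def demo() -> dict:
    # Constructed sample attributes, not taken from any real device.
    attrs = {"ip": "192.0.2.10", "mac": "02:00:00:00:00:01",
             "board_sn": "MB-EXAMPLE-001", "cpu_sn": "CPU-EXAMPLE-001"}
    genuine = SecurityPlugin(secrets.token_bytes(32))
    clone = SecurityPlugin(secrets.token_bytes(32))  # same attrs, other key
    manager = LicenseManager()

    code = genuine.machine_code(attrs)            # step 3
    lic = manager.register(code, "customer-a")    # step 4
    forged = {**lic, "customer": "customer-b"}    # edited license file
    return {
        # Copying the attributes reproduces the related-art machine code.
        "legacy_code_reproducible":
            legacy_machine_code(attrs) == legacy_machine_code(dict(attrs)),
        "keyed_codes_differ": code != clone.machine_code(attrs),
        "genuine_accepted": manager.verify(lic, genuine.machine_code(attrs)),
        "clone_rejected": not manager.verify(lic, clone.machine_code(attrs)),
        "tamper_rejected": not manager.verify(forged, code),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

A deployment that verifies the license offline on the terminal would need an asymmetric signature in place of the issuer-side HMAC tag used here.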
It should be noted that the Z cipher algorithm system deeply fuses the user key with the algorithm, which differs from the related-art approach in which block cipher design emphasizes standardization of the algorithm and the key. Through variable cipher logic that fuses key and algorithm, the Z cipher algorithm ensures that the logical structure of the cipher algorithm differs between users. This logical difference is not limited to the cipher parameters used: different hierarchical structures, different operations, different components and different data flow directions are also adopted, so that all users use different cipher algorithms. From a network attacker's point of view, each user uses a specially designed cipher algorithm, which can be called "one person one algorithm", and this greatly improves the security of the system. In view of these characteristics of the Z algorithm system, security requirements such as instance security, system security and distance security are proposed and fully considered in the design; these concepts generalize and extend the security requirements of block cipher algorithms in the related art. When the block cipher algorithm is in use, users' algorithm instances can be updated periodically or aperiodically according to the cipher protocol. The Z cipher can adopt the technical scheme of the Z cipher algorithm given in "Z cipher algorithm design scheme", Journal of Cryptologic Research, December 2018.
As a preferred implementation manner, the challenge code can be generated through a Z algorithm according to the device fingerprint and the time factor corresponding to the client.
As shown in FIG. 5, the working mechanism of VPN authentication in this application is based on the SDK's algorithm security plug-in: authentication information computed from multiple factors, such as device information, is used as identity authentication information, so that the machine code is generated through the Z algorithm.
The present embodiment provides a service license processing apparatus, and fig. 3 is a first block diagram of a service license processing apparatus according to an embodiment of the present invention, and as shown in fig. 3, the apparatus includes a first generating module 32, a first transmitting module 34, and a first receiving module 36, which are described in detail below:
a first generation module 32 for generating a machine code for service licensing according to a Z-password algorithm; a first transmitting module 34, configured to transmit the machine code to a server; a first receiving module 36, configured to receive a license certificate corresponding to the machine code issued by the server.
Preferably, the apparatus further comprises: and the acquisition module is used for acquiring the software development kit SDK of the Z cryptographic algorithm.
Preferably, the client generates a device fingerprint through the software development kit (SDK) of the Z-password algorithm and binds the device fingerprint.
The present embodiment provides a service license processing apparatus, and fig. 4 is a second block diagram of a service license processing apparatus according to an embodiment of the present invention, and as shown in fig. 4, the apparatus includes a second sending module 42, a second generating module 44, and a third sending module 46, which are described in detail below:
a second sending module 42, configured to receive a machine code sent by a client, where the machine code is a machine code of a user service license generated by the client according to a Z-password algorithm; a second generation module 44, configured to generate, according to the machine code, a license certificate of a client corresponding to the machine code; a third sending module 46, configured to send the license to the client.
The present embodiment provides a storage medium storing a computer program which, when executed by a processor, performs the steps of the signing method as described above or the steps of the VPN authentication method as described above.
A computer program may employ any combination of one or more storage media. The storage medium may be a readable signal medium or a readable storage medium. The readable storage medium may comprise, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium may include the following: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The readable signal medium may comprise a data signal propagated in baseband or as part of a carrier wave in which a readable computer program is embodied. Such a propagated data signal may take many forms, including, for example, electro-magnetic, optical, or any suitable combination of the preceding. A readable signal medium may also be any storage medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer program embodied on a storage medium may be transmitted using any appropriate medium, which may include, for example, wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
The computer programs for performing the operations of the present invention can be written in any combination of one or more programming languages. The programming languages may include object oriented programming languages such as Java, C++, etc., and may also include conventional procedural programming languages such as the "C" language or similar programming languages. The computer program may execute entirely on the user's computing device, partly on the user's device, or entirely on a remote computing device or server. In situations involving a remote computing device, the remote computing device may be connected to the user computing device through any kind of network (e.g., may include a local area network or a wide area network), or may be connected to an external computing device (e.g., connected over the internet using an internet service provider).
It should be noted that in this document, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In summary, through the foregoing embodiments and preferred embodiments of the present invention, by integrating the Z algorithm soft password SDK, a device fingerprint is generated for a terminal and bound, a security plug-in is issued for each terminal, and the terminal generates a machine code through an algorithm provided by the security plug-in, thereby implementing service permission based on the Z algorithm. The service licensing product based on the Z-password algorithm adopts the Z algorithm, a dynamic cipher algorithm with national cryptographic certification. Because the Z-algorithm key is fused with the algorithm, the product has the characteristics of one key and one key, solves the problem of counterfeit equipment codes, and, being a software cipher, solves the problem that a medium cannot be plugged into a cloud service.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A method for processing a service license, comprising:
the client generates a machine code for service permission according to the Z cryptographic algorithm;
the client sends the machine code to a server;
the client receives a license certificate corresponding to the machine code sent by the server.
2. The method of claim 1, further comprising, prior to the client generating the machine code for the service license according to the Z-password algorithm:
and the client acquires a software development kit SDK of the Z-password algorithm.
3. A method for processing a service license, comprising:
the method comprises the steps that a server receives a machine code sent by a client, wherein the machine code is a machine code of user service permission generated by the client according to a Z-password algorithm;
the server generates a license certificate of a client corresponding to the machine code according to the machine code;
the server sends the license certificate to the client.
4. The method of claim 3, wherein the server generating a license credential for a client corresponding to the machine code from the machine code comprises:
the server registers and binds the machine code on a license management end of the server.
5. A service license processing apparatus, comprising:
the first generation module is used for generating a machine code for service permission according to the Z-password algorithm;
the first sending module is used for sending the machine code to a server;
and the first receiving module is used for receiving the license certificate corresponding to the machine code, which is issued by the server.
6. The apparatus as recited in claim 5, further comprising:
and the acquisition module is used for acquiring the software development kit SDK of the Z cryptographic algorithm.
7. A service license processing apparatus, comprising:
the second sending module is used for receiving a machine code sent by the client, wherein the machine code is a machine code of user service permission generated by the client according to a Z-password algorithm;
a second generation module, configured to generate, according to the machine code, a license certificate of a client corresponding to the machine code;
and the third sending module is used for sending the license certificate to the client.
8. The apparatus of claim 7, wherein the second generating module comprises: and the processing module is used for registering and binding the machine code at the license certificate management end of the server.
9. A client, comprising: a memory and a processor, the memory having stored therein a computer program which, when executed by the processor, performs the steps of the method of processing a service license as claimed in claim 1 or 2.
10. A server, comprising: a memory and a processor, the memory having stored therein a computer program which, when executed by the processor, performs the steps of the method of processing a service license as claimed in claim 3 or 4.
Application CN202310072584.2A, "Service license processing method and device": priority date 2022-12-30, filing date 2023-01-13, status Pending, published as CN116192373A (en).

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2022117362343 2022-12-30
CN202211736234 2022-12-30

Publications (1)

Publication Number Publication Date
CN116192373A (en) 2023-05-30

Family

ID=86443777

Country Status (1)

Country Link
CN (1) CN116192373A (en)

Legal Events

Date Code Title Description
PB01 Publication