CN117521035A - Software offline authorization management method and device, electronic equipment and storage medium - Google Patents
Software offline authorization management method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN117521035A CN117521035A CN202311528592.XA CN202311528592A CN117521035A CN 117521035 A CN117521035 A CN 117521035A CN 202311528592 A CN202311528592 A CN 202311528592A CN 117521035 A CN117521035 A CN 117521035A
- Authority
- CN
- China
- Prior art keywords
- license file
- file
- license
- module
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 57
- 238000007726 management method Methods 0.000 title claims abstract description 47
- 238000012795 verification Methods 0.000 claims abstract description 105
- 238000000034 method Methods 0.000 claims abstract description 30
- 230000008676 import Effects 0.000 claims abstract description 16
- 238000004590 computer program Methods 0.000 claims description 12
- 238000004458 analytical method Methods 0.000 claims description 11
- 230000015654 memory Effects 0.000 claims description 10
- 230000000903 blocking effect Effects 0.000 claims description 5
- 230000008569 process Effects 0.000 description 16
- 238000010586 diagram Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 230000002159 abnormal effect Effects 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004913 activation Effects 0.000 description 1
- 230000008260 defense mechanism Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000009191 jumping Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention provides a software offline authorization management method, a device, electronic equipment and a storage medium, and relates to the technical field of computers, wherein the method comprises the following steps: when obtaining the license file of the current software to be imported, importing the license file by checking the license file, and checking the imported license file at fixed time; when an access request of a user to a module service corresponding to current software is obtained, intercepting and checking the access request based on a permission file; wherein the module service is a service provided by a module in a server in which the current software is installed. By adopting the triple verification mode of verification during import, timing verification after import and interception verification during service access, the correctness of the license file and the timeliness of license authorization can be ensured.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and apparatus for offline authorization management of software, an electronic device, and a storage medium.
Background
Unprotected software is vulnerable to piracy, resulting in significant economic loss to the software manufacturer. Fortunately, the software industry has increasingly found effective defense mechanisms against illegal use and piracy of software. More and more software manufacturers choose software protection systems to protect their intellectual property rights. Soft licenses or secure hardware (e.g., dongles) with activation codes have long been the first choice for protecting commodity software from illegal use. Software is ubiquitous and almost all activities today require the participation of software. However, the current software protection scheme cannot meet the requirements of users in terms of the correctness of the license file and the timeliness of the authorized license, so that an effective mechanism is needed to prevent and protect the legal rights and interests of the software.
Disclosure of Invention
The invention aims to provide a software offline authorization management method, a device, electronic equipment and a storage medium, so as to ensure the correctness of a license file and the timeliness of authorization.
In a first aspect, an embodiment of the present invention provides a software offline authorization management method, including:
when a license file of the current software to be imported is obtained, the license file is imported through verification, and the imported license file is verified at fixed time;
when an access request of a user to a module service corresponding to the current software is obtained, intercepting and checking the access request based on the permission file; wherein the module service is a service provided by a module in a server in which the current software is installed.
Further, the importing the license file by checking the license file includes:
judging whether an original license file exists in a designated file path of the license file or not;
when the original license file exists, backing up the original license file, and storing the license file into the designated file path; checking preset contents of the license file, wherein the preset contents comprise Mac addresses, IP addresses and whether the Mac addresses and the IP addresses expire; when the verification is passed, deleting the original license file which is backed up; when verification fails, restoring the original license file to the appointed file path;
creating a specified folder under the specified file path when the original license file does not exist, and placing the license file under the specified folder; checking the preset content of the license file; and after the verification is passed, storing all the analyzed license contents in the license file into a cache.
Further, the performing timing verification on the imported license file includes:
judging whether the license file exists in the designated file path or not;
when the license file exists, analyzing the license file by using a preset encryption and decryption algorithm and a generated key;
when the analysis is successful, consistency comparison is carried out on the first abstract information in the analyzed license file and the second abstract information in the cache;
when the comparison is successful, checking the preset content of the license file;
and when the verification is successful, determining that the license file is valid.
Further, the license content of the license file includes authorized module information; after the license file is imported by checking the license file, the software offline authorization management method further comprises the following steps:
and when the current module corresponding to the current software is monitored to be started, starting the current module based on the authorized module information in the license file.
Further, the authorized module information is an authorized module list; the starting the current module based on the authorized module information in the license file comprises the following steps:
judging whether the license file exists or not;
when the license file exists, acquiring license content in the cache;
acquiring an authorized module list and a license expiration time from the licensed content;
performing start-up verification on the current module based on the authorized module list and the license expiration time;
and when the verification is passed, starting the current module.
Further, the intercepting and checking the access request based on the permission file includes:
when a service call request of a user is received, checking whether the license file is out of date;
when the license file expires, the service invocation request is blocked.
Further, the license content of the license file further includes a tenant number threshold; the intercepting and checking the access request based on the permission file comprises the following steps:
when receiving a user's request for creating tenants, judging whether the number of tenants in the current database is greater than or equal to the threshold value of the number of tenants in the permission file;
and blocking the creating tenant request when the number of tenants in the current database is greater than or equal to the tenant number threshold.
In a second aspect, an embodiment of the present invention further provides a software offline authorization management device, including:
the import verification module is used for importing the license file by verifying the license file when the license file of the current software to be imported is acquired;
the timing verification module is used for carrying out timing verification on the imported license file;
the access verification module is used for intercepting and verifying the access request based on the permission file when the access request of the user to the module service corresponding to the current software is obtained; wherein the module service is a service provided by a module in a server in which the current software is installed.
In a third aspect, an embodiment of the present invention further provides an electronic device, including a memory, and a processor, where the memory stores a computer program that can run on the processor, and when the processor executes the computer program, the processor implements the software offline authorization management method in the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a storage medium, where a computer program is stored, where the computer program is executed by a processor to perform the software offline authorization management method according to the first aspect.
According to the software offline authorization management method, the device, the electronic equipment and the storage medium, when the license file of the current software to be imported is obtained, the license file is imported through verification of the license file, and the imported license file is verified at fixed time; when an access request of a user to a module service corresponding to current software is obtained, intercepting and checking the access request based on a permission file; wherein the module service is a service provided by a module in a server in which the current software is installed. By adopting the triple verification mode of verification during import, timing verification after import and interception verification during service access, the correctness of the license file and the timeliness of license authorization can be ensured.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a software offline authorization management method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a method for generating a license file according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a method for importing a license file according to an embodiment of the present invention;
FIG. 4 is a schematic flow chart of verifying a license file when a module is started according to an embodiment of the present invention;
FIG. 5 is a flowchart illustrating a process of verifying a license file when a service is requested according to an embodiment of the present invention;
FIG. 6 is a flowchart illustrating a timing verification license file according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a software offline authorization management device according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be clearly and completely described in connection with the embodiments, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The existing software protection scheme cannot meet the user requirements in terms of accuracy of license files and timeliness of authorized license, and based on the method, the device, the electronic equipment and the storage medium for offline authorization management of the software, provided by the embodiment of the invention, the accuracy of license files and the timeliness of authorized license can be ensured.
For the convenience of understanding the present embodiment, a software offline authorization management method disclosed in the embodiment of the present invention will be described in detail first.
The embodiment of the invention provides a software offline authorization management method which can be executed by electronic equipment with data processing capability. Referring to a flow chart of a software offline authorization management method shown in fig. 1, the method mainly includes steps S102 to S104 as follows:
step S102, when the license file of the current software to be imported is obtained, the license file is imported through verification of the license file, and the imported license file is verified at regular time.
In some possible embodiments, the import of the license file may be performed as follows:
a1, judging whether an original license file exists in a designated file path of the license file;
the designated file path refers to a position where the license file is to be stored, and is preset.
A2, when the original license file exists, backing up the original license file, and storing the license file into a designated file path; checking preset contents of the license file, wherein the preset contents comprise Mac addresses, IP addresses and whether the Mac addresses and the IP addresses are out of date; when the verification is passed, deleting the original license file of the backup; when verification fails, restoring the original license file to a designated file path;
wherein, through the backup processing of the original license file, the deletion of the license file can be prevented. In verifying the license file, whether the license file is expired is determined mainly based on whether the license file is permanently authorized, and the license start time, the license expiration time, and the like.
a3, when the original license file does not exist, creating a designated folder under a designated file path, and placing the license file under the designated folder; checking preset contents of the license file; after verification is passed, all the analyzed license contents in the license file are stored in a cache.
The preset content in a3 may be the same as the preset content in a2, which is not described herein. When the original license file does not exist, if the license file fails to verify, the license file is invalid, and the license file can be deleted; if the license file passes the verification, the license file is effective, and the subsequent verification is facilitated by caching all the license contents analyzed in the license file.
In some possible embodiments, the timing verification of the license file may be performed by:
b1, judging whether a license file exists in the designated file path;
wherein the specified file path is the same as above.
b2, when the license file exists, analyzing the license file by using a preset encryption and decryption algorithm and the generated key;
the encryption and decryption algorithm can be a symmetric encryption and decryption algorithm or an asymmetric encryption and decryption algorithm, for example, an RSA algorithm or an SM4 algorithm is adopted as the encryption and decryption algorithm. When an asymmetric encryption and decryption algorithm is adopted, the generated key refers to the private key in the generated key pair.
If the analysis fails, the license file is tampered, and the prompt that the license file is tampered can be directly thrown out, and the started module process is ended.
b3, when the analysis is successful, consistency comparison is carried out on the first abstract information in the analyzed license file and the second abstract information in the cache;
the digest algorithms corresponding to the first digest information and the second digest information are the same, and the embodiment of the invention does not limit the digest algorithms, for example, the digest algorithm may use MD5 algorithm or SHA (Secure Hash Algorithm ) or the like.
If the comparison fails, the file content is inconsistent, and the license file is tampered, the license file is thrown out to be tampered, and the started module process is ended.
b4, when the comparison is successful, checking the preset content of the license file;
the preset content may be the same as that in the foregoing embodiment (a 2), and will not be described herein.
If the verification fails, indicating that the license file has failed, a corresponding hint may be thrown (e.g., a hint that the Mac address is inconsistent, a hint that the IP address is inconsistent, a hint that the license authorization period is not reached, or a hint that the license file has expired) and the started module process may be ended.
And b5, when the verification is successful, determining that the license file is valid.
The timing verification operation can be implemented by an started asynchronous thread.
In the general software protection method, offline authorization management is only performed on all modules of the existing system (i.e. the server of the user), and offline authorization management is not performed on individual system modules. Based on this, in the embodiment of the present invention, the license content of the license file includes authorized module information, and after the license file is imported, the software offline authorization management method further includes: and when the current module corresponding to the current software is monitored to be started, starting the current module based on the authorized module information in the license file. This allows for offline authorization management of individual system modules.
In one possible implementation, the authorized module information is a list of authorized modules; the step of starting the current module based on the authorized module information in the license file may be accomplished by: judging whether the license file exists or not; when the license file exists, acquiring license content in the cache; acquiring an authorized module list and a license expiration time from the licensed content; performing start-up verification on the current module based on the authorized module list and the permission expiration time; when the verification is passed, starting the current module; otherwise, when the verification fails, the current module is forbidden to be started.
In specific implementation, the mode of starting verification is as follows: judging whether the current module is positioned in an authorized module list; when the current module is not in the authorized module list, the verification fails; when the current module is in the authorized module list, judging whether the current time is smaller than the permission expiration time; when the current time is less than the permission expiration time, the verification is passed; when the current time is greater than or equal to the license expiration time, the verification fails.
Step S104, when the access request of the user to the module service corresponding to the current software is obtained, the access request is intercepted and checked based on the permission file.
Wherein the module service is a service provided by a module in a server in which the current software is installed.
In some possible embodiments, step S104 includes: when a service call request of a user is received, checking whether the license file is out of date; when the license file expires, the service invocation request is blocked. Checking whether the license file has expired may be accomplished based on whether the license file is permanently authorized, and the license start time and license expiration time, etc.
In the general software protection method, offline authorization management is only carried out for the expiration time, and the number of tenants of the system is not limited. Based on the above, the license content of the license file further includes a tenant number threshold; in other possible embodiments, step S104 includes: when receiving a user's request for creating tenants, judging whether the number of tenants in the current database is greater than or equal to a threshold value of the number of tenants in the permission file; when the number of tenants in the current database is greater than or equal to the threshold value of the number of tenants, blocking the request of creating the tenants; when the number of tenants in the current database is smaller than the threshold value of the number of tenants, the tenant creating request is processed normally, and the tenants are added successfully.
The current database refers to a database corresponding to a server provided with current software. The tenant number threshold may be set according to actual requirements, which is not limited herein. One customer may create multiple tenants, a tenant dactylotheca in accounting software.
According to the software offline authorization management method provided by the embodiment of the invention, when the license file of the current software to be imported is obtained, the license file is imported through checking the license file, and the imported license file is checked at fixed time; when an access request of a user to a module service corresponding to current software is obtained, intercepting and checking the access request based on a permission file; wherein the module service is a service provided by a module in a server in which the current software is installed. By adopting the triple verification mode of verification during import, timing verification after import and interception verification during service access, the correctness of the license file and the timeliness of license authorization can be ensured. Based on the authorized module information in the license file and the tenant number threshold, offline authorization management of individual system modules and limitation of tenant number can also be achieved.
For easy understanding, the software offline authorization management method described above is described in detail with reference to fig. 2 to 6.
And a triple verification mode is adopted to ensure the correctness of the license file and the timeliness of the authorized license, wherein the triple verification mode comprises the following steps:
1. and checking the license file during import.
2. And performing interception verification when the module service is accessed.
3. After the license file is imported, the license file is checked in a timing way, so that the license file is prevented from being tampered.
The embodiment of the invention introduces a method for realizing offline licensing of software, wherein some main keywords comprise: customer name, list of authorized modules (hereinafter referred to as module list), tenant number (hereinafter referred to as account set number), authorization server Mac address (hereinafter referred to as "Mac address"), authorization server IP address (hereinafter referred to as "IP address"), permission start time (hereinafter referred to as "start time"), permission expiration time (hereinafter referred to as "expiration time"), whether the permission is permanently authorized (hereinafter referred to as "whether it is permanently authorized"). The method specifically comprises the following steps:
and 0, generating a license file. Referring to fig. 2, how to generate the license file is described below in conjunction with fig. 2:
1) The license key information is filled in.
The user fills in the necessary fields such as module list, customer name, tenant number, mac address, IP address, start time, expiration time, whether to permanently authorize, etc. on the license file download platform.
2) And (5) checking key information.
The license file downloading platform verifies the filled information:
a) The authorization module needs to fill in the existing module in the current system (for example, the human resource module exists in the current system, but the reimbursement management module does not exist in the current system, the verification of the human resource module can be successful if the reimbursement management module is filled, and the verification fails), otherwise, the verification fails.
b) Mac address: whether the Mac address is in compliance with the rule (hexadecimal, total of 6 bytes, total of 48 bits, with "-" or "." or ": as separator), if not, the check fails.
c) Start time: the start time cannot be less than the current server system time.
d) Expiration time: the expiration time cannot be less than the current server system time and cannot be less than the start time.
And if the verification fails, ending the flow.
3) Generating a license lrc file (namely a license file) after verification is successful, and generating:
a) The key is defined internally (i.e. the internal key is a fixed string), and the public key and the private key are generated by using RSA algorithm.
b) And abstracting the content (namely key information) filled in by the user through an MD5 algorithm, integrating the content into a JSON format, putting the JSON format into an entity object, and carrying out encryption operation through a public key.
c) Lrc files are generated and downloaded locally. Local refers to the device where the client of the license file download platform is located.
Step 1, importing permissions, please refer to fig. 3, how to import permissions is described below with reference to fig. 3:
1) When the license file is imported, whether the license file is contained in the server or not is judged according to the path of the license file which is needed to be placed in, if so, the original license file is backed up, next license file analysis and license file verification are carried out, if the verification is passed, the original license file is directly deleted, and if the verification is failed, the original license file is restored. If not (i.e. the path for putting the license file according to the requirement determines that no license file exists), creating a folder, uploading the license file to a designated folder of a server, then carrying out next license file analysis and license file verification, and if verification fails, ending the flow.
2) Verifying the license file, comprising the steps of:
a) According to RSA algorithm, and through the key pair which has been generated before, the imported license file is resolved by using the private key.
b) The content of the checked file:
mac address: and judging whether the Mac address of the current server is consistent with the Mac address analyzed from the license file, if not, throwing out an import failure prompt.
And ii, judging whether the IP address of the current server is the same as the IP address analyzed in the permission, if not, throwing out an import failure prompt.
Judging whether the license file is permanently authorized, if so, jumping to the operation of the step c, otherwise, carrying out the next operation.
iv, judging the starting time: and comparing the starting time with the current server system time, if the starting time is larger than the current time, indicating that the license authorization period is not reached, throwing a prompt of the license authorization period is not reached, otherwise, carrying out the next judgment.
v. judging the ending time: and comparing the ending time with the current server system time, and if the ending time is smaller than the current system time, indicating that the license file is expired, throwing out a prompt that the license file is expired.
c) After verification is passed, storing the content into a cache, namely storing all the license contents analyzed in the license file into the cache.
Step 2, verifying permission:
1) Referring to fig. 4, how to perform the verification at the time of module start-up is described below with reference to fig. 4:
a) After the service is started, judging whether the license exists or not through a hook interface which is arranged when the service is started, if not (namely, the license does not exist), the starting fails, and the flow is ended; if so (i.e., a license exists), then a further determination is made.
b) Authentication is performed based on licensed content.
When the verification is passed, the service is started normally; when the authentication fails, the service start fails.
The process of verifying according to licensed content includes:
licensed content in the cache (from step 2, step 3 in step 1) can be obtained in the interface; taking out the authorized module list from the licensed content, judging whether the currently started module is in the licensed authorized module list, if so, performing the next step of judgment, otherwise, failing to verify, and prohibiting starting the module; judging the expiration time of the license: judging whether the current system time is smaller than the permission expiration time, if so, verifying to pass, and normally starting the module, otherwise, verifying to fail, and prohibiting starting the module.
2) Referring to fig. 5, the following describes how to perform service call time verification with reference to fig. 5:
a) During service verification, verifying the expiration time of the license file, wherein the verification process is as follows:
when a user request is received, obtaining the license content of the license file from the cache; checking whether the current license file is permanently authorized or not through a custom interceptor, if not, verifying whether the current time is greater than the expiration time of the license file, if so, indicating that the license file has expired; if it is permanently authorized or the current time is less than the expiration time of the license file, it is indicated that the license file has not expired.
b) When the license file expires, an exception is thrown. Such as throwing a prompt that the license has expired and blocking the user request.
c) When the license file is not expired, normally processing the service call request (such as inquiring list function) for the service call request; for the account number creating request, account number verification is carried out, and when verification fails, an exception is thrown, such as a prompt that the account number is out of limit is thrown, and the user request is blocked; and when the verification is passed, normally processing the user request, and successfully adding a new account cover.
When a user requests to create the account, judging whether the account number in the current database is larger than or equal to the account number allowed in the permission file, and if so, failing to verify; if it is less than, the verification passes.
3) Referring to fig. 6, how to perform timing verification (e.g., verification every 5 minutes) is described below in conjunction with fig. 6, in order to prevent the license file from being tampered with manually:
a) The asynchronous thread is started.
b) It is determined whether the license file is contained in the server.
And using the started thread to operate, and judging whether the permission file exists according to the designated file path. If not (i.e. the license file does not exist), an abnormal prompt is thrown, such as a prompt that the thrown file does not exist, and the module process is ended; if so (i.e. the license file exists), then the next step is performed.
c) The license file is parsed.
The RSA algorithm may be used and the license file is parsed using the private key by the generated key pair.
d) Judging whether the analysis is successful.
If not (i.e. analysis fails), indicating that the license file has been tampered, throwing an abnormal prompt, such as directly throwing the license to be tampered, and ending the module process; if yes (i.e. analysis is successful), the next judgment is made.
e) It is determined whether the file has been tampered with.
If yes (i.e. tampered), an abnormal prompt is thrown, such as a prompt that the throwing license has been tampered, and the module process is ended; if not (i.e., not tampered with), then the next verification is performed.
The mode of judging whether tampered is as follows: after analysis is successful, MD5 information in the license file is obtained and compared with the MD5 data which is put into the cache before, if the comparison fails, the file content is inconsistent, and the license file is tampered; if the comparison is successful, the license file is not tampered.
f) License file content verification.
If the verification fails, an abnormal prompt is thrown out, and the module process is ended; if the verification is successful, the process is ended.
License file content verification includes:
mac address verification: if the Mac address accords with the rule, the verification fails, a prompt that the Mac address does not accord with the rule is thrown out, and the current module process is ended; if the Mac address of the current server is consistent with the Mac address in the license file, judging whether the Mac address of the current server is consistent with the Mac address in the license file, if the Mac address of the current server is inconsistent with the Mac address in the license file, failing to verify, throwing out a prompt of inconsistent Mac address, ending the current module process, and if the Mac address is consistent with the Mac address, performing next verification.
ip address verification: judging whether the IP address of the current server is consistent with the IP address in the license file, if not, failing to verify, throwing out the prompt of inconsistent IP address, ending the current module process, and if so, performing the next verification.
And thirdly, judging that the license file is permanently authorized, if the license file is permanently authorized, successfully verifying, directly ending the judgment, and otherwise, performing the next operation.
iv, judging the starting time: and comparing the starting time with the current server system time, if the starting time is larger than the current time, indicating that the license authorization period is not reached, failing to verify, throwing a prompt of the license authorization period not reached, ending the currently started module process, and otherwise, carrying out the next judgment.
v. judging the ending time: and comparing the ending time with the current server system time, if the ending time is smaller than the current system time, indicating that the license file is expired, failing to verify, throwing out a prompt that the license file is expired, ending the currently started module process, and otherwise, successfully verifying.
The embodiment of the invention completes the closed loop of the authorized license of the single system module by using a triple verification mode, the license file to be modified can only be carried out by reintroducing a new license file, and the other license file modification modes are considered as illegal, thereby basically and effectively ensuring that the software is not infringed by pirate and ensuring the legal rights and interests of software manufacturers.
Corresponding to the software offline authorization management method, the embodiment of the invention also provides a software offline authorization management device. Referring to fig. 7, a schematic structural diagram of a software offline authorization management device, the device includes:
an import checking module 701, configured to, when a license file of current software to be imported is obtained, perform import of the license file by checking the license file;
a timing verification module 702, configured to perform timing verification on the imported license file;
an access verification module 703, configured to, when an access request of a user to a module service corresponding to the current software is obtained, intercept and verify the access request based on the permission file; wherein the module service is a service provided by a module in a server in which the current software is installed.
Further, the above-mentioned import checking module 701 is specifically configured to:
judging whether an original license file exists in a designated file path of the license file or not;
when the original license file exists, backing up the original license file, and storing the license file into the designated file path; checking preset contents of the license file, wherein the preset contents comprise Mac addresses, IP addresses and whether the Mac addresses and the IP addresses expire; when the verification is passed, deleting the original license file which is backed up; when verification fails, restoring the original license file to the appointed file path;
creating a specified folder under the specified file path when the original license file does not exist, and placing the license file under the specified folder; checking the preset content of the license file; and after the verification is passed, storing all the analyzed license contents in the license file into a cache.
Further, the timing verification module 702 is specifically configured to:
judging whether the license file exists in the designated file path or not;
when the license file exists, analyzing the license file by using a preset encryption and decryption algorithm and a generated key;
when the analysis is successful, consistency comparison is carried out on the first abstract information in the analyzed license file and the second abstract information in the cache;
when the comparison is successful, checking the preset content of the license file;
and when the verification is successful, determining that the license file is valid.
Further, the license content of the license file includes authorized module information; the device further comprises:
and the starting verification module is used for starting the current module based on the authorized module information in the license file when the current module corresponding to the current software is monitored to be started.
Further, the authorized module information is an authorized module list; the starting verification module is specifically used for:
judging whether the license file exists or not;
when the license file exists, acquiring license content in the cache;
acquiring an authorized module list and a license expiration time from the licensed content;
performing start-up verification on the current module based on the authorized module list and the license expiration time;
and when the verification is passed, starting the current module.
Further, the access verification module 703 is specifically configured to:
when a service call request of a user is received, checking whether the license file is out of date;
when the license file expires, the service invocation request is blocked.
Further, the license content of the license file further includes a tenant number threshold; the access verification module 703 is specifically further configured to:
when receiving a user's request for creating tenants, judging whether the number of tenants in the current database is greater than or equal to the threshold value of the number of tenants in the permission file;
and blocking the creating tenant request when the number of tenants in the current database is greater than or equal to the tenant number threshold.
The software offline authorization management device provided in this embodiment has the same implementation principle and technical effects as those of the foregoing embodiment of the software offline authorization management method, and for a brief description, reference may be made to corresponding contents in the foregoing embodiment of the software offline authorization management method where the embodiment of the software offline authorization management device is not mentioned.
As shown in fig. 8, an electronic device 800 provided in an embodiment of the present invention includes: the system comprises a processor 801, a memory 802 and a bus, wherein the memory 802 stores a computer program capable of running on the processor 801, and when the electronic device 800 runs, the processor 801 and the memory 802 communicate through the bus, and the processor 801 executes the computer program to realize the software offline authorization management method.
Specifically, the above-described memory 802 and processor 801 can be general-purpose memories and processors, and are not particularly limited herein.
The embodiment of the invention also provides a storage medium, and a computer program is stored on the storage medium, and the computer program is executed by a processor to execute the software offline authorization management method in the previous method embodiment. The storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a RAM, a magnetic disk, or an optical disk, etc., which can store program codes.
Any particular values in all examples shown and described herein are to be construed as merely illustrative and not a limitation, and thus other examples of exemplary embodiments may have different values.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.
Claims (10)
1. A software offline authorization management method, comprising:
when a license file of the current software to be imported is obtained, the license file is imported through verification, and the imported license file is verified at fixed time;
when an access request of a user to a module service corresponding to the current software is obtained, intercepting and checking the access request based on the permission file; wherein the module service is a service provided by a module in a server in which the current software is installed.
2. The software offline authorization management method according to claim 1, wherein the importing of the license file by verifying the license file comprises:
judging whether an original license file exists in a designated file path of the license file or not;
when the original license file exists, backing up the original license file, and storing the license file into the designated file path; checking preset contents of the license file, wherein the preset contents comprise Mac addresses, IP addresses and whether the Mac addresses and the IP addresses expire; when the verification is passed, deleting the original license file which is backed up; when verification fails, restoring the original license file to the appointed file path;
creating a specified folder under the specified file path when the original license file does not exist, and placing the license file under the specified folder; checking the preset content of the license file; and after the verification is passed, storing all the analyzed license contents in the license file into a cache.
3. The method for offline authorization management of software according to claim 1, wherein the performing timing verification on the imported license file includes:
judging whether the license file exists in the designated file path or not;
when the license file exists, analyzing the license file by using a preset encryption and decryption algorithm and a generated key;
when the analysis is successful, consistency comparison is carried out on the first abstract information in the analyzed license file and the second abstract information in the cache;
when the comparison is successful, checking the preset content of the license file;
and when the verification is successful, determining that the license file is valid.
4. The software offline authorization management method according to claim 1, wherein the license contents of the license file include authorized module information; after the license file is imported by checking the license file, the software offline authorization management method further comprises the following steps:
and when the current module corresponding to the current software is monitored to be started, starting the current module based on the authorized module information in the license file.
5. The software offline authorization management method according to claim 4, wherein the authorized module information is an authorized module list; the starting the current module based on the authorized module information in the license file comprises the following steps:
judging whether the license file exists or not;
when the license file exists, acquiring license content in the cache;
acquiring an authorized module list and a license expiration time from the licensed content;
performing start-up verification on the current module based on the authorized module list and the license expiration time;
and when the verification is passed, starting the current module.
6. The software offline authorization management method according to claim 1, wherein the intercepting and checking the access request based on the license file comprises:
when a service call request of a user is received, checking whether the license file is out of date;
when the license file expires, the service invocation request is blocked.
7. The software offline authorization management method according to claim 1, wherein the licensed content of the licensed file further includes a tenant number threshold; the intercepting and checking the access request based on the permission file comprises the following steps:
when receiving a user's request for creating tenants, judging whether the number of tenants in the current database is greater than or equal to the threshold value of the number of tenants in the permission file;
and blocking the creating tenant request when the number of tenants in the current database is greater than or equal to the tenant number threshold.
8. A software offline authorization management device, comprising:
the import verification module is used for importing the license file by verifying the license file when the license file of the current software to be imported is acquired;
the timing verification module is used for carrying out timing verification on the imported license file;
the access verification module is used for intercepting and verifying the access request based on the permission file when the access request of the user to the module service corresponding to the current software is obtained; wherein the module service is a service provided by a module in a server in which the current software is installed.
9. An electronic device comprising a memory, a processor, the memory having stored therein a computer program executable on the processor, wherein the processor implements the software offline authorization management method of any of claims 1-7 when the computer program is executed.
10. A storage medium having stored thereon a computer program, which when executed by a processor performs the software offline authorization management method according to any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311528592.XA CN117521035A (en) | 2023-11-16 | 2023-11-16 | Software offline authorization management method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311528592.XA CN117521035A (en) | 2023-11-16 | 2023-11-16 | Software offline authorization management method and device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117521035A true CN117521035A (en) | 2024-02-06 |
Family
ID=89750927
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311528592.XA Pending CN117521035A (en) | 2023-11-16 | 2023-11-16 | Software offline authorization management method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117521035A (en) |
-
2023
- 2023-11-16 CN CN202311528592.XA patent/CN117521035A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1342149B1 (en) | Method for protecting information and privacy | |
| US6256393B1 (en) | Authorization and access control of software object residing in set-top terminals | |
| US7698744B2 (en) | Secure system for allowing the execution of authorized computer program code | |
| EP1204910B1 (en) | Computer platforms and their methods of operation | |
| US9906509B2 (en) | Method for offline DRM authentication and a system thereof | |
| US9336369B2 (en) | Methods of licensing software programs and protecting them from unauthorized use | |
| US20070106981A1 (en) | Creating a relatively unique environment for computing platforms | |
| EP1203278B1 (en) | Enforcing restrictions on the use of stored data | |
| CN114186199B (en) | License authorization method and device | |
| CN111079091A (en) | Software security management method and device, terminal and server | |
| US8375442B2 (en) | Auditing a device | |
| JP5322065B2 (en) | Apparatus and method for digital rights management | |
| US9129098B2 (en) | Methods of protecting software programs from unauthorized use | |
| US10158623B2 (en) | Data theft deterrence | |
| US20030074563A1 (en) | Method for the secure distribution and use of electronic media | |
| CN108256351B (en) | File processing method and device, storage medium and terminal | |
| CN117521035A (en) | Software offline authorization management method and device, electronic equipment and storage medium | |
| CN111611551A (en) | Dynamic link library protection method and system based on state cryptographic algorithm | |
| EP1221077B1 (en) | Detection of suspect software objects and signatures after failed authentication | |
| CN117411714A (en) | Authorization authentication method and device for mimicry defending network equipment, electronic equipment and storage medium | |
| CN117540348A (en) | Method for generating and verifying software authorization file |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |