CN118245091A - Authorized client application deployment method, apparatus, computer device and storage medium - Google Patents

Publication number
CN118245091A
Authority
CN
China
Prior art keywords
application system
authorization
access
client
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410659085.8A
Other languages
Chinese (zh)
Inventor
聂知秘
程雷
罗永亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Bige Big Data Co ltd
Original Assignee
Beijing Bige Big Data Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Bige Big Data Co ltd filed Critical Beijing Bige Big Data Co ltd
Priority to CN202410659085.8A priority Critical patent/CN118245091A/en
Publication of CN118245091A publication Critical patent/CN118245091A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

An embodiment of the application provides an authorized client application deployment method, an authorized client application deployment apparatus, a computer device and a storage medium. The method comprises: acquiring at least one application system corresponding to the authorization client, embedding the authorization client SDK into the application system, and writing the application system identification code and name into the application system; and deploying each application system in the target cluster corresponding to the authorization client. Based on the authorization client SDK, the application system automatically communicates with the authorization service platform through the GRPC protocol, and the uniqueness of the application system is determined by combining the application system identification code and name with the identification information of the authorization service platform. The GRPC protocol is used for connecting the authorization service platform and the services of the application system. Through the communication between the application system and the authorization service platform, the authorization client has a disconnection-reconnection mechanism, so that it can maintain its connection with the authorization service platform, obtain the latest authorization information of a product in real time, and verify it in real time.

Description

Authorized client application deployment method, apparatus, computer device and storage medium
Technical Field
The present application relates to the field of authorization authentication technologies, and in particular, to an authorization client application deployment method, an authorization client application deployment device, a computer device, and a storage medium.
Background
With the rapid development and spread of informatization, enterprises continuously deliver application software to users in every industry, so the security of that software is very important. Effective means are needed to improve the security of independently developed application software, both to avoid the threat of piracy and cracking and to take responsibility for the safety of the customers who use it. Generally, a customer whose applications run in an internet-connected environment performs authorization and permission-restriction operations online, through an interface provided by the developing enterprise, and need not worry about an authorization code or license being cracked. Because online authorization is convenient, easy to use and widely applicable, most enterprise customers choose the online authorization mode.
Currently, digital signatures, an anti-counterfeiting technique, are mainly used; they allow the authenticity of data to be verified with a public key. That is, only the owner of the private key can produce data that passes digital signature verification. Thus, no one can forge a digital signature unless the private key (typically stored on a server) is compromised.
During license generation, the server digitally signs the license with the private key of an asymmetric key pair, and the client verifies the digital signature with the corresponding public key. Only after that verification passes is the content of the license itself checked.
To increase the difficulty of cracking application software, the following methods are generally adopted:
First, applying a timestamp: the release timestamp is added to the license file, and if the time specified in the license file is earlier than the current timestamp, the license file cannot be used even if the system time is modified. In this way, the use of expired license files with new versions of the application software is restricted.
Second, hardening against decompilation: the code is made harder to decompile, and license file verification is kept out of code that is easy to decompile. In particular, care must be taken that the verification result cannot simply be changed to True and that the code storing the public key string cannot simply be replaced. Embedding the check inline in the binary code and applying code obfuscation increases the difficulty of cracking.
However, such a client has no automatic reconnect-on-disconnect mechanism; it must be reconnected after back-end configuration before it can acquire data.
Disclosure of Invention
The embodiment of the application provides an authorized client application deployment method, an authorized client application deployment device, computer equipment and a storage medium.
In a first aspect of the embodiment of the present application, there is provided a method for deploying an authorized client application, including:
Acquiring at least one application system corresponding to an authorization client, embedding an authorization client SDK into the application system, and writing an application system identification code and name into the application system, wherein the authorization client SDK has the authorization client built in and encapsulates, for calling, the authorization client's routines for registering an instance, querying instance authorization, querying application system authorization and registering the application system;
deploying each application system in the target cluster corresponding to the authorization client, wherein, based on the authorization client SDK, the application system automatically communicates with an authorization service platform through the GRPC protocol, the uniqueness of the application system is determined by combining the application system identification code and name with the identification information of the authorization service platform, and the GRPC protocol is used for connecting the authorization service platform and the services of the application system.
In an optional embodiment of the present application, the acquiring an application system corresponding to the authorized client includes:
and exporting the application system corresponding to the authorized client from the license center platform in a file form.
In an optional embodiment of the present application, after the deploying each application system in the target cluster corresponding to the authorized client, the method further includes:
the authorization service platform acquires an application system authorization code, decrypts it to obtain authorization information, and sends the authorization information to the application system, wherein the application system authorization code is generated from the client identification information, the authorization service platform identification information, the effective period of the application system, the application system identification information and name, and the number of application instances;
the application system parses the authorization client SDK configuration to obtain the configuration item information, checks the authorization information against the configuration item information, and determines that authorization of the application system is successful once the check passes.
In an alternative embodiment of the application, the method further comprises:
each application system respectively monitors and acquires user authorized access behavior information, constructs an application change set, establishes a distributed block chain, and generates an access change coefficient from the access change set If access variation coefficient/>Sending a first early warning instruction to an authorization service platform according to the preset change threshold value; if access to the coefficient of variation/>When the preset change threshold value is less than or equal to the preset change threshold value, a first qualified instruction is sent to an authorization service platform;
Planning an application system authentication step by using a trained authorization authentication model to obtain a plurality of verification matching strip sets, wherein the verification matching strip sets comprise: identity authentication matching information bar, license matching information bar, equipment management matching information bar and geographic position authentication matching information bar, and information verification coefficient is generated according to a matching bar set If the information verification coefficient/>First threshold/>Generating and sending a second qualified instruction by the authorization service platform; when the information verifies the coefficient< First threshold/>Generating a second early warning instruction;
after the authorization service platform identifies the first qualified instruction and the second qualified instruction of the user, judging the priority authorization level and executing authorization actions on the user;
and triggering a corresponding safety response strategy after receiving the first early warning instruction and the second early warning instruction.
In an alternative embodiment of the application, the method further comprises:
acquiring user authorized access behavior information, including user login IP, application operation, access content and access flow information;
summarizing user access behavior information, extracting and acquiring access frequency fluctuation value fwbd, access content fluctuation value nrbd, access time fluctuation value sjbd, access right fluctuation value qxbd and access device fluctuation value sbbd of a user, and identifying and acquiring access fluctuation ratio And time interval ratio/>Constructing an application variation set; the access variation ratio/>Is generated by the following formula:
Wherein, ,/>,/>,/>,/>And (2) and,/>、/>、/>、/>And/>For the preset scaling factors of the access frequency variation fwbd, the access content variation nrbd, the access time variation sjbd, the access rights variation qxbd and the access device variation sbbd,Is a constant correction coefficient.
In an alternative embodiment of the application, the time interval ratioIs generated by the following formula:
Wherein, Representing the time interval between the jth access and the (j+1) th access of the user, m represents the total access times of the user, and calculating all access time intervals/>, of the userTo obtain the user's time interval ratio/>
In an alternative embodiment of the application, the access variation ratio is based onAnd time interval ratio/>After dimensionless processing, mapping the corresponding data values to regions and mapping the corresponding data values to intervals/>And generating an access variation coefficient/>, according to the following formula
Wherein,To access the preset mean value of the variation ratio,/>N is a positive integer greater than 1, which is a preset average value of the time interval ratio,/>N is the number of access behavior information; /(I)And/>Is a weight value; /(I),/>And (2) and
In a second aspect of the embodiment of the present application, there is provided an authorized client application deployment apparatus, including:
The system comprises an acquisition module, a query module and a storage module, wherein the acquisition module is used for acquiring at least one application system corresponding to an authorization client, embedding an authorization client SDK into the application system, and writing an application system identification code and name into the application system, wherein the authorization client SDK has the authorization client built in and encapsulates, for calling, the authorization client's routines for registering an instance, querying instance authorization, querying application system authorization and registering the application system;
The deployment module is used for deploying each application system in the target cluster corresponding to the authorization client, wherein, based on the authorization client SDK, the application system automatically communicates with the authorization service platform through the GRPC protocol, the uniqueness of the application system is determined by combining the application system identification code and name with the identification information of the authorization service platform, and the GRPC protocol is used for connecting the authorization service platform and the services of the application system.
In a third aspect of the embodiment of the present application, there is provided a computer device comprising a memory and a processor, the memory storing a computer program, and the processor implementing the steps of any one of the authorized client application deployment methods described above when executing the computer program.
In a fourth aspect of embodiments of the present application, there is provided a computer readable storage medium having stored thereon a computer program, characterized in that the computer program when executed by a processor implements the steps of the authorized client application deployment method according to any one of the above.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1 is a flow chart of a method for deploying an authorized client application provided in one embodiment of the application;
FIG. 2 is a flowchart of a method for deploying an authorized client application according to another embodiment of the present application;
FIG. 3 is a flowchart of a method for deploying an authorized client application provided in accordance with yet another embodiment of the present application;
FIG. 4 is a flowchart of a method for deploying an authorized client application according to yet another embodiment of the present application;
FIG. 5 is a schematic diagram of an authorized client application deployment device according to an embodiment of the present application;
FIG. 6 is a schematic diagram of a multi-level offline authorization system according to one embodiment of the present application;
fig. 7 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
In the course of realizing the application, the inventors found that current clients have no automatic reconnect-on-disconnect mechanism, and that data can only be obtained by reconnecting after back-end configuration.
In view of the above problems, an embodiment of the present application provides a method for deploying an authorized client application, including: acquiring at least one application system corresponding to an authorization client, embedding an authorization client SDK into the application system, and writing an application system identification code and name into the application system, wherein the authorization client SDK has the authorization client built in and encapsulates, for calling, the authorization client's routines for registering an instance, querying instance authorization, querying application system authorization and registering the application system; and deploying each application system in the target cluster corresponding to the authorization client. Based on the authorization client SDK, the application system automatically communicates with the authorization service platform through the GRPC protocol, and the uniqueness of the application system is determined by combining the application system identification code and name with the identification information of the authorization service platform. The GRPC protocol is used for connecting the authorization service platform and the services of the application system. Through the communication between the application system and the authorization service platform, the authorization client has a disconnection-reconnection mechanism, so that it can maintain its connection with the authorization service platform, obtain the latest authorization information of a product in real time, and verify it in real time.
The scheme in the embodiment of the application can be implemented in various computer languages, such as the object-oriented programming language Java, the interpreted scripting language JavaScript and the like.
In order to make the technical solutions and advantages of the embodiments of the present application more apparent, the following detailed description of exemplary embodiments of the present application is provided in conjunction with the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present application and not exhaustive of all embodiments. It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other.
Referring to fig. 1, the method for deploying an authorized client application provided in the embodiment of the present application includes the following steps S1-S2:
S1, acquiring at least one application system corresponding to an authorization client, embedding the authorization client SDK (software development kit) into the application system, and writing an application system identification code and name into the application system, wherein the authorization client SDK has the authorization client built in and encapsulates, for calling, the authorization client's routines for registering an instance, querying instance authorization, querying application system authorization and registering the application system.
In an optional embodiment of the present application, the acquiring an application system corresponding to the authorized client includes:
and exporting the application system corresponding to the authorized client from the license center platform in a file form.
S2, deploying each application system in the target cluster corresponding to the authorization client, wherein, based on the authorization client SDK, the application system automatically communicates with the authorization service platform through the GRPC protocol, the uniqueness of the application system is determined by combining the application system identification code and name with the identification information of the authorization service platform, and the GRPC protocol is used for connecting the authorization service platform and the services of the application system.
In an optional embodiment of the present application, after the deploying each application system in the target cluster corresponding to the authorized client, the method further includes:
the authorization service platform acquires an application system authorization code, decrypts it to obtain authorization information, and sends the authorization information to the application system, wherein the application system authorization code is generated from the client identification information, the authorization service platform identification information, the effective period of the application system, the application system identification information and name, and the number of application instances;
the application system parses the authorization client SDK configuration to obtain the configuration item information, checks the authorization information against the configuration item information, and determines that authorization of the application system is successful once the check passes.
Referring to fig. 2, the method for managing an authorized client instance provided in the embodiment of the present application includes the following steps S21 to S23:
S21, the authorization client sends an instance creation request to the authorization service platform, wherein the authorization client is implanted into an application system, and the application system and the authorization service platform are deployed in the same cluster environment.
In an alternative embodiment of the present application, before the authorization client sends the instance creation request to the authorization service platform, the method further comprises:
The authorization service platform acquires the authorization code of the application system, decrypts the authorization code of the application system, acquires the decrypted authorization code and sends the decrypted authorization code to the application system;
The application system analyzes the configuration item information of the SDK of the authorization client to obtain the configuration item information, checks the decrypted authorization code and the configuration item information, and determines that the authorization of the application system is successful after the verification is passed.
In an alternative embodiment of the present application, the application system communicates with the deployed authorization service platform via the GRPC protocol.
In an optional embodiment of the present application, the authorization service platform and the application system with the embedded authorization client SDK are deployed in the client site cluster environment. The authorization service platform obtains the cluster identification information, that is, the authorization service platform identification information, for use when applying for authorization. The authorization service platform identification information together with the application system identification information uniquely determines the application system within the client site cluster environment, so the application system cannot be used across cluster environments, which ensures the spatial security of the authorization file.
S22, the authorization service platform receives the instance creation request and determines whether the number of available instances is 0. If the number of available instances is not 0, it generates an instance authorization code and sends it to the authorization client, each instance corresponding to one instance authorization code; if the number of available instances is 0, it does not respond.
In an alternative embodiment of the present application, the determining whether the number of available instances is 0 includes:
Comparing the preset number of instances with the number of actual instances created; when the number of actual instances created is smaller than the preset number of instances, the number of available instances is determined not to be 0; when the number of actual instances created is equal to the preset number of instances, the number of available instances is determined to be 0.
S23, the authorization client receives the instance authorization code and creates an instance in the application system.
In an alternative embodiment of the present application, the application authorization code is generated based on the license center platform according to the client identification information, the authorization service platform identification information, the validity period of the application system, the application identification information and name, and the number of application instances.
In an alternative embodiment of the present application, when an instance is created in an application system, the creation quota is controlled by the total number of instances in the application system authorization code. Each time an instance is created, the authorization client SDK automatically obtains an instance authorization code from the authorization service platform through the GRPC protocol, one instance authorization code being generated per instance. If the number of instances exceeds the creation limit of the authorization application, the authorization service platform stops generating instance authorization codes. In addition, if the application system returns instances, the total number of instances remains unchanged and the number of available instances increases, so the authorization service platform returns to normal and generates new instance authorization codes.
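The quota behaviour of step S22 and the returned-instance case above can be sketched as follows. This is an added example, not code from the patent: the class and method names are hypothetical, the random hex instance authorization code is an assumed format, and the lock is an added assumption so that concurrent requests cannot exceed the quota.

```python
# Added illustration of the instance quota; all names here are hypothetical.
import secrets
import threading
from typing import Dict, Optional


class InstanceQuota:
    """Tracks instance authorization codes against the preset instance count."""

    def __init__(self, preset_instances: int):
        if preset_instances < 0:
            raise ValueError("preset_instances must not be negative")
        self._preset = preset_instances       # total from the application system authorization code
        self._issued: Dict[str, str] = {}     # instance authorization code -> instance name
        self._lock = threading.Lock()         # makes check-and-issue one atomic step

    @property
    def available(self) -> int:
        """Preset number of instances minus the number actually created."""
        with self._lock:
            return self._preset - len(self._issued)

    def request_instance(self, instance_name: str) -> Optional[str]:
        """Return a new instance authorization code, or None when none are available."""
        with self._lock:
            if len(self._issued) >= self._preset:
                return None                   # quota exhausted: no code is generated
            code = secrets.token_hex(16)      # assumed format: 128-bit random hex string
            self._issued[code] = instance_name
            return code

    def return_instance(self, code: str) -> bool:
        """Give an instance back; the total is unchanged, availability goes up by one."""
        with self._lock:
            return self._issued.pop(code, None) is not None


def concurrent_grants(preset: int, requests: int) -> int:
    """Fire `requests` simultaneous creation requests and count the codes granted."""
    quota = InstanceQuota(preset)
    results = []

    def worker(i: int) -> None:
        results.append(quota.request_instance("instance-%d" % i))

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(1 for r in results if r is not None)


if __name__ == "__main__":
    q = InstanceQuota(2)
    first = q.request_instance("web-1")
    q.request_instance("web-2")
    print("third request:", q.request_instance("web-3"))      # None: quota reached
    q.return_instance(first)
    print("after return:", q.request_instance("web-3") is not None)
    print("granted under 50 concurrent requests:", concurrent_grants(5, 50))
```

Without the lock, two requests arriving together could both pass the availability check and both receive a code, which is the failure a quota enforced over a network protocol has to rule out.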
Referring to fig. 3, in an alternative embodiment of the present application, the application system is updated by:
S31, after the authorization of the application system is successful, the application system verifies whether the current time is within the valid period of the application system;
S32, under the condition that the current time is within the effective period of the application system, starting the use permission of the application system;
S33, under the condition that the current time is not within the effective time period of the application system in the decrypted authorization code, generating prompt information for updating the effective time period of the application system, and sending the prompt information to the authorization service platform.
In an alternative embodiment of the application, the method further comprises:
The authorization service platform acquires the authorization code of the application system, decrypts the authorization code of the application system, acquires the decrypted authorization code and sends the decrypted authorization code to the application system;
The application system analyzes the configuration item information of the SDK of the authorization client to obtain the configuration item information, checks the decrypted authorization code and the configuration item information, and determines that the authorization of the application system is successful after the verification is passed.
In an optional embodiment of the present application, the verifying the decrypted authorization code and the configuration item information includes:
Comparing the decrypted authorization code with the client identification information, the authorization service platform identification information, the effective period of the application system, the application system identification information and name, and the number of application instances in the configuration item information;
If the decrypted authorization code is consistent with the client identification information, the authorization service platform identification information, the effective period of the application system, the application system identification information and name, and the number of application instances in the configuration item information, the verification is determined to pass;
If the decrypted authorization code is inconsistent with any one of the client identification information, the authorization service platform identification information, the effective period of the application system, the application system identification information and name, and the number of application instances in the configuration item information, the verification is determined not to pass, and prompt information for updating the effective period of the application system is generated and sent to the authorization service platform.
In an optional embodiment of the present application, after the generating the prompt information of the application system updating the valid period and sending the prompt information to the authorization service platform, the method further includes:
the authorization service platform acquires the updated application system authorization code, decrypts the updated application system authorization code, obtains the updated decrypted authorization code and sends the updated decrypted authorization code to the application system;
and the application system checks the updated decrypted authorization code and the configuration item information, and determines that the authorization of the application system is successful after the verification is passed.
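The consistency check above and the effective-period check of steps S31 to S33 can be sketched as follows. This is an added example, not code from the patent: the record layout, names and sample values are constructed, and it starts from authorization information that has already been decrypted.

```python
# Added illustration; names, record layout and sample values are hypothetical.
import hmac
from dataclasses import dataclass, fields, replace
from datetime import datetime, timezone
from typing import List, Tuple


@dataclass(frozen=True)
class AuthRecord:
    """The items the text lists for both the authorization code and the configuration."""
    client_id: str          # client identification information
    platform_id: str        # authorization service platform (cluster) identification
    app_id: str             # application system identification code
    app_name: str           # application system name
    valid_from: datetime    # start of the effective period (timezone-aware UTC)
    valid_until: datetime   # end of the effective period (timezone-aware UTC)
    instance_count: int     # number of application instances


@dataclass(frozen=True)
class Decision:
    authorized: bool
    reasons: Tuple[str, ...]   # empty when authorized
    prompt: str                # message for the authorization service platform, "" when authorized


def _same(a, b) -> bool:
    # String identifiers are compared in constant time; other types directly.
    if isinstance(a, str) and isinstance(b, str):
        return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))
    return a == b


def mismatched_fields(decrypted: AuthRecord, config: AuthRecord) -> List[str]:
    """Return the name of every field on which the two records disagree."""
    return [f.name for f in fields(AuthRecord)
            if not _same(getattr(decrypted, f.name), getattr(config, f.name))]


def authorize(decrypted: AuthRecord, config: AuthRecord, now: datetime) -> Decision:
    """Consistency check first, then the effective-period check (S31 to S33)."""
    bad = mismatched_fields(decrypted, config)
    if bad:
        reasons = tuple("mismatch:" + name for name in bad)
    elif not (decrypted.valid_from <= now <= decrypted.valid_until):
        reasons = ("outside_effective_period",)
    else:
        return Decision(True, (), "")
    # Both failure paths in the text end with a prompt to update the effective period.
    prompt = "update effective period for %s (%s)" % (config.app_id, ", ".join(reasons))
    return Decision(False, reasons, prompt)


# Constructed sample data: one configuration and three variations of it.
CONFIG = AuthRecord("customer-001", "cluster-A", "app-42", "billing",
                    datetime(2024, 1, 1, tzinfo=timezone.utc),
                    datetime(2025, 1, 1, tzinfo=timezone.utc), 3)
COPIED_TO_OTHER_CLUSTER = replace(CONFIG, platform_id="cluster-B")
TAMPERED = replace(CONFIG, instance_count=30,
                   valid_until=datetime(2030, 1, 1, tzinfo=timezone.utc))
IN_PERIOD = datetime(2024, 6, 1, tzinfo=timezone.utc)
AFTER_PERIOD = datetime(2025, 2, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(authorize(CONFIG, CONFIG, IN_PERIOD))
    print(authorize(COPIED_TO_OTHER_CLUSTER, CONFIG, IN_PERIOD))
    print(authorize(TAMPERED, CONFIG, IN_PERIOD))
    print(authorize(CONFIG, CONFIG, AFTER_PERIOD))
```

The second case shows the cluster binding described earlier: authorization information carrying another cluster's platform identification fails on that one field even though every other item matches.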
Referring to fig. 4, in an alternative embodiment of the present application, before step S1, the method further includes:
S41, generating an application system authorization code corresponding to a target cluster by a license center platform, wherein the application system authorization code is generated according to client identification information, authorization service platform identification information, an effective period of an application system, application system identification information and names and the number of application instances, an authorization client SDK is implanted in the application system information, and the application system information comprises identification information and names of the application system;
S42, an authorization service platform and a preset application system are deployed in the target cluster, wherein the application system and the deployed authorization service platform communicate through the GRPC protocol;
S43, the authorization service platform acquires the authorization code of the application system, decrypts the authorization code of the application system, obtains the decrypted authorization code and sends the decrypted authorization code to the application system;
S44, the application system analyzes the configuration item information of the SDK of the authorized client to obtain the configuration item information, checks the decrypted authorization code and the configuration item information, and determines that the application system is authorized successfully after the verification is passed, so that the application system is allowed to log in the use instance.
In an optional embodiment of the present application, in the license center of the cluster environment that provides the application system, the information for the authorization application is filled in, including the user, third-party application information, project information, the cluster identification information of the deployed application system (the authorization service platform identification information), the effective timestamp, the number of instances, and the number of application systems. After the application is submitted successfully, an approval process with the integrated third party is triggered and the designated responsible person completes the approval; once approval is complete, the application system authorization code is obtained from the license center.
In an optional embodiment of the present application, in the client site cluster environment, the authorization service platform automatically discovers that the application system needs to be authorized first when being used for the first time, and gives the authorization code line of the application system acquired by the license center platform to the designated responsible person, and then pastes the authorization code under the application system corresponding to the authorization service platform.
In an alternative embodiment of the present application, the authorization service platform obtains the application system authorization code and decrypts the application system authorization code, including:
The authorization service platform decrypts the application system authorization code based on a preset private key.
In an optional embodiment of the present application, the license center platform and the authorization service platform need not be in the same cluster environment. The license center platform may be deployed in the cluster environment that provides the application system service, as the entry point for applying for authorization; the authorization service platform and the application systems that the client needs to use are deployed in the client site cluster environment, which gives that environment the capabilities of automatic application discovery, offline authorization and automatic verification of the authorization information.
In an alternative embodiment of the present application, the deploying an authorization service platform in a target cluster includes:
Creating a namespace in the target cluster, and placing an authorization file and the authorization service platform in the namespace;
Binding an authorization file with an authorization service platform, wherein the authorization file comprises target cluster identification information, client identification information, application system identification information and a name.
In an alternative embodiment of the application, the method further comprises:
After the application system is successfully authorized, the application system verifies whether the decrypted authorization code is consistent with the target cluster identification information, the client identification information, the application system identification information and the name in the authorization file;
and under the condition that the decrypted authorization code is consistent with the target cluster identification information, the client identification information, the application system identification information and the name in the authorization file, displaying the current application system on the authorization service platform.
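The check in step S44 and the authorization file consistency check above can be illustrated with the following added example, which is not code from the patent. It assumes the authorization code has already been decrypted into named fields; the field names, the `InstanceRegistry` helper and the sample values are hypothetical and constructed for illustration.

```python
"""Added example: application-side check of decrypted authorization information."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Tuple
import hmac


@dataclass(frozen=True)
class AuthorizationInfo:
    """Fields the authorization code is generated from (names are assumptions)."""
    client_id: str
    platform_id: str      # authorization service platform / target cluster identification
    app_id: str
    app_name: str
    valid_from: datetime
    valid_until: datetime
    max_instances: int    # number of application instances


@dataclass(frozen=True)
class SdkConfig:
    """Configuration items written into the application system with the SDK."""
    client_id: str
    platform_id: str
    app_id: str
    app_name: str


def _same(a: str, b: str) -> bool:
    # Constant-time comparison, so timing does not reveal how much of a value matched.
    return hmac.compare_digest(a.encode(), b.encode())


def check_authorization(info: AuthorizationInfo, cfg: SdkConfig, now: datetime) -> List[str]:
    """Return the list of failure reasons; an empty list means the check passed."""
    problems = []
    for name in ("client_id", "platform_id", "app_id", "app_name"):
        if not _same(getattr(info, name), getattr(cfg, name)):
            problems.append(f"{name} mismatch")
    if info.valid_from > info.valid_until:
        problems.append("validity period malformed")
    elif not (info.valid_from <= now <= info.valid_until):
        problems.append("outside validity period")
    if info.max_instances < 1:
        problems.append("instance count must be positive")
    return problems


class InstanceRegistry:
    """Hypothetical helper: enforces the licensed number of application instances."""

    def __init__(self, info: AuthorizationInfo, cfg: SdkConfig):
        self._info, self._cfg = info, cfg
        self._instances = set()

    def register(self, instance_id: str, now: datetime) -> Tuple[bool, List[str]]:
        # Re-run the full check on every registration so an expired code stops working.
        problems = check_authorization(self._info, self._cfg, now)
        if problems:
            return False, problems
        if instance_id in self._instances:
            return True, []   # an instance reconnecting must not consume a second slot
        if len(self._instances) >= self._info.max_instances:
            return False, ["instance limit reached"]
        self._instances.add(instance_id)
        return True, []

    def release(self, instance_id: str) -> None:
        self._instances.discard(instance_id)


# Constructed sample data, not values from the patent.
UTC = timezone.utc
SAMPLE_INFO = AuthorizationInfo(
    client_id="client-001", platform_id="cluster-a",
    app_id="app-42", app_name="reporting",
    valid_from=datetime(2024, 1, 1, tzinfo=UTC),
    valid_until=datetime(2024, 12, 31, tzinfo=UTC),
    max_instances=2,
)
SAMPLE_CFG = SdkConfig("client-001", "cluster-a", "app-42", "reporting")

if __name__ == "__main__":
    registry = InstanceRegistry(SAMPLE_INFO, SAMPLE_CFG)
    when = datetime(2024, 6, 1, tzinfo=UTC)
    for iid in ("pod-1", "pod-2", "pod-1", "pod-3"):
        print(iid, registry.register(iid, when))
```

Public-key encryption by itself does not authenticate who issued the code, so a deployment would normally also verify a license center signature over these fields before running this check.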
In an alternative embodiment of the present application, the license center platform is a center end, at least one target cluster is a remote end, and the license center platform is deployed by the following steps:
and deploying files respectively corresponding to each target cluster, wherein the files comprise authorization service platform identification information, valid time periods of the application system, application system identification information and the number of application instances.
In an alternative embodiment of the present application, the license center platform generates an application system authorization code corresponding to the target cluster through an asymmetric encryption algorithm.
In an alternative embodiment of the present application, the authorization items at the license center support multi-level advanced configuration, including the user, application system, deployment cluster environment, timestamp, and number of instances/applications, and the configuration information can also be modified according to service requirements, so that the present application is flexible, easy to use, safe and controllable.
In an alternative embodiment of the application, the method further comprises:
each application system respectively monitors and acquires user authorized access behavior information, constructs an application change set, establishes a distributed block chain, and generates an access change coefficient from the access change set If access variation coefficient/>Sending a first early warning instruction to an authorization service platform according to the preset change threshold value; if access to the coefficient of variation/>When the preset change threshold value is less than or equal to the preset change threshold value, a first qualified instruction is sent to an authorization service platform;
Planning an application system authentication step by using a trained authorization authentication model to obtain a plurality of verification matching strip sets, wherein the verification matching strip sets comprise: identity authentication matching information bar, license matching information bar, equipment management matching information bar and geographic position authentication matching information bar, and information verification coefficient is generated according to a matching bar set If the information verification coefficient/>First threshold/>Generating and sending a second qualified instruction by the authorization service platform; when the information verifies the coefficient< First threshold/>Generating a second early warning instruction;
after the authorization service platform identifies the first qualified instruction and the second qualified instruction of the user, judging the priority authorization level and executing authorization actions on the user;
and triggering a corresponding safety response strategy after receiving the first early warning instruction and the second early warning instruction.
In an alternative embodiment of the application, the method further comprises:
acquiring user authorized access behavior information, including user login IP, application operation, access content and access flow information;
summarizing user access behavior information, extracting and acquiring access frequency fluctuation value fwbd, access content fluctuation value nrbd, access time fluctuation value sjbd, access right fluctuation value qxbd and access device fluctuation value sbbd of a user, and identifying and acquiring access fluctuation ratio And time interval ratio/>Constructing an application variation set; the access variation ratio/>Is generated by the following formula:
Wherein, ,/>,/>,/>,/>And (2) and,/>、/>、/>、/>And/>For the preset scaling factors of the access frequency variation fwbd, the access content variation nrbd, the access time variation sjbd, the access rights variation qxbd and the access device variation sbbd,Is a constant correction coefficient.
In an alternative embodiment of the application, the time interval ratioIs generated by the following formula:
Wherein, Representing the time interval between the jth access and the (j+1) th access of the user, m represents the total access times of the user, and calculating all access time intervals/>, of the userTo obtain the user's time interval ratio/>
In an alternative embodiment of the application, the access variation ratio is based onAnd time interval ratio/>After dimensionless processing, mapping the corresponding data values to regions and mapping the corresponding data values to intervals/>And generating an access variation coefficient/>, according to the following formula
Wherein,To access the preset mean value of the variation ratio,/>N is a positive integer greater than 1, which is a preset average value of the time interval ratio,/>N is the number of access behavior information; /(I)And/>Is a weight value; /(I),/>And (2) and
It should be understood that, although the steps in the flowchart are shown in the sequence indicated by the arrows, the steps are not necessarily performed in that sequence. Unless explicitly stated herein, the order of execution of the steps is not strictly limited, and the steps may be executed in other orders. Moreover, at least some of the steps in the figures may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
Referring to fig. 5, one embodiment of the present application provides an authorized client application deployment apparatus, including:
The acquiring module 11 is configured to acquire at least one application system corresponding to the authorized client, implant the authorized client SDK into the application system, and write the application system identification code and name into the application system, wherein the authorized client SDK has the authorized client built in and encapsulates, for calling, the programs for registering an instance, querying instance authorization, querying application system authorization, and registering the application system;
The deployment module 12 is configured to deploy each application system in a target cluster corresponding to the authorized client, wherein the application system automatically communicates with the authorization service platform through the GRPC protocol based on the authorized client SDK, the uniqueness of the application system is determined by combining the application system identification code and name with the identification information of the authorization service platform, and the GRPC protocol is used for connecting the authorization service platform and the services of the application system.
For specific limitations on the above-mentioned authorized client application deployment apparatus, reference may be made to the above-mentioned limitations on the authorized client application deployment method, and no further description is given here. The various modules in the authorized client application deployment apparatus described above may be implemented in whole or in part in software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
Referring to fig. 6, an embodiment of the present application provides a multi-level offline authorization system, including an authorization client application deployment device, further including:
The license center platform is used for generating an application system authorization code corresponding to the target cluster, wherein the application system authorization code is generated according to client identification information, authorization service platform identification information, the effective period of an application system, application system identification information and names and the number of application instances, an authorization client SDK is implanted in the application system information, and the application system information comprises identification information and names of the application system;
the authorization service platform is deployed in the target cluster and used for acquiring the authorization code of the application system, decrypting the authorization code of the application system, obtaining the decrypted authorization code and sending the decrypted authorization code to the application system, wherein the application system and the deployment authorization service platform are communicated through a GRPC protocol;
The application system (product) is deployed in the target cluster and is used for analyzing the configuration item information of the SDK of the authorized client to obtain the configuration item information, checking the decrypted authorization code and the configuration item information, and determining that the application system is authorized successfully after the verification is passed, wherein an application deployment device of the authorized client is implanted in the application system.
In one embodiment, a computer device is provided, the internal structure of which may be as shown in FIG. 7. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by the processor, implements the authorized client application deployment method described above. That is, the computer device comprises a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement any step of the authorized client application deployment method.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon which, when executed by a processor, implements any of the steps of the authorized client application deployment method described above.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (10)

1. A method for authorizing client application deployment, comprising:
Acquiring at least one application system corresponding to an authorization client, implanting an authorization client SDK into the application system, and writing an application system identification code and a name into the application system, wherein the authorization client SDK is internally provided with the authorization client, and encapsulates a registration instance of the authorization client, query instance authorization, query application system authorization and a program of the registration application system for calling;
each application system is deployed in a target cluster corresponding to an authorized client, wherein the application system automatically communicates with an authorized service platform through a GRPC protocol based on the SDK of the authorized client, the uniqueness of the application system is determined through combination of an application system identification code and a name and the identification information of the authorized service platform, and the GRPC protocol is used for connecting the authorized service platform and services of the application system.
2. The method of claim 1, wherein the obtaining the application system corresponding to the authorized client comprises:
and exporting the application system corresponding to the authorized client from the license center platform in a file form.
3. The method of claim 1, wherein after the deploying each application system in the target cluster corresponding to the authorized client, the method further comprises:
the authorization service platform acquires an application system authorization code, decrypts the application system authorization code to obtain authorization information, and sends the authorization information to the application system, wherein the application system authorization code is generated according to client identification information, authorization service platform identification information, the effective period of the application system, application system identification information and names and the number of application instances;
the application system analyzes the configuration item information of the SDK of the authorized client to obtain the configuration item information, checks the authorization information and the configuration item information, and determines that the authorization of the application system is successful after the verification is passed.
4. The method according to claim 1, wherein the method further comprises:
each application system respectively monitors and acquires user authorized access behavior information, constructs an application change set, establishes a distributed block chain, and generates an access change coefficient from the access change set If access variation coefficient/>Sending a first early warning instruction to an authorization service platform according to the preset change threshold value; if access to the coefficient of variation/>When the preset change threshold value is less than or equal to the preset change threshold value, a first qualified instruction is sent to an authorization service platform;
Planning an application system authentication step by using a trained authorization authentication model to obtain a plurality of verification matching strip sets, wherein the verification matching strip sets comprise: identity authentication matching information bar, license matching information bar, equipment management matching information bar and geographic position authentication matching information bar, and information verification coefficient is generated according to a matching bar set If the information verification coefficient/>First threshold/>Generating and sending a second qualified instruction by the authorization service platform; when information verification coefficient/>< First threshold/>Generating a second early warning instruction;
after the authorization service platform identifies the first qualified instruction and the second qualified instruction of the user, judging the priority authorization level and executing authorization actions on the user;
and triggering a corresponding safety response strategy after receiving the first early warning instruction and the second early warning instruction.
5. The method according to claim 4, wherein the method further comprises:
acquiring user authorized access behavior information, including user login IP, application operation, access content and access flow information;
summarizing user access behavior information, extracting and acquiring access frequency fluctuation value fwbd, access content fluctuation value nrbd, access time fluctuation value sjbd, access right fluctuation value qxbd and access device fluctuation value sbbd of a user, and identifying and acquiring access fluctuation ratio And time interval ratio/>Constructing an application variation set; the access variation ratio/>Is generated by the following formula:
Wherein, ,/>,/>,/>,/>And (2) and,/>、/>、/>、/>And/>For the preset scaling factors of the access frequency variation fwbd, the access content variation nrbd, the access time variation sjbd, the access rights variation qxbd and the access device variation sbbd,Is a constant correction coefficient.
6. The method of claim 5, wherein the time interval ratioIs generated by the following formula:
Wherein, Representing the time interval between the jth access and the (j+1) th access of the user, m represents the total access times of the user, and calculating all access time intervals/>, of the userTo obtain the user's time interval ratio/>
7. The method of claim 6, wherein the access variation ratio is based onAnd time interval ratio/>After dimensionless processing, mapping the corresponding data values to regions and mapping the corresponding data values to intervals/>And generating an access variation coefficient/>, according to the following formula
Wherein,To access the preset mean value of the variation ratio,/>N is a positive integer greater than 1 for a preset average of the time interval ratio,N is the number of access behavior information; bd i is the access variation ratio of the ith access behavior information,/>And/>Is a weight value; /(I),/>And/>
8. An authorized client application deployment apparatus, comprising:
The system comprises an acquisition module, a query module and a storage module, wherein the acquisition module is used for acquiring at least one application system corresponding to an authorization client, implanting an authorization client SDK into the application system, writing an application system identification code and a name into the application system, wherein the authorization client SDK is internally provided with the authorization client, and packaging a registration instance, query instance authorization, query application system authorization and a program of the registration application system of the authorization client for calling;
The deployment module is used for deploying each application system in a target cluster corresponding to the authorized client, wherein the application system automatically communicates with the authorized service platform through a GRPC protocol based on the SDK of the authorized client, the uniqueness of the application system is determined through combining the identification code and the name of the application system with the identification information of the authorized service platform, and the GRPC protocol is used for connecting the authorized service platform and services of the application system.
9. A computer device, comprising a memory and a processor, said memory storing a computer program, characterized in that the processor, when executing said computer program, implements the steps of the authorized client application deployment method of any one of claims 1 to 7.
10. A computer readable storage medium having stored thereon a computer program, characterized in that the computer program when executed by a processor implements the steps of the authorized client application deployment method of any one of claims 1 to 7.
CN202410659085.8A 2024-05-27 2024-05-27 Authorized client application deployment method, apparatus, computer device and storage medium Pending CN118245091A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410659085.8A CN118245091A (en) 2024-05-27 2024-05-27 Authorized client application deployment method, apparatus, computer device and storage medium

Publications (1)

Publication Number Publication Date
CN118245091A true CN118245091A (en) 2024-06-25

Family

ID=91564045

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410659085.8A Pending CN118245091A (en) 2024-05-27 2024-05-27 Authorized client application deployment method, apparatus, computer device and storage medium

Country Status (1)

Country Link
CN (1) CN118245091A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination