TW200933380A - Hierarchical authorization management system and method thereof - Google Patents

Hierarchical authorization management system and method thereof Download PDF

Info

Publication number
TW200933380A
TW200933380A TW97103009A TW97103009A TW200933380A TW 200933380 A TW200933380 A TW 200933380A TW 97103009 A TW97103009 A TW 97103009A TW 97103009 A TW97103009 A TW 97103009A TW 200933380 A TW200933380 A TW 200933380A
Authority
TW
Taiwan
Prior art keywords
authorization
registration
management
client
management server
Prior art date
Application number
TW97103009A
Other languages
Chinese (zh)
Inventor
Chaucer Chiu
Zheng Chen
Original Assignee
Inventec Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inventec Corp filed Critical Inventec Corp
Priority to TW97103009A priority Critical patent/TW200933380A/en
Publication of TW200933380A publication Critical patent/TW200933380A/en

Links

Abstract

A hierarchical authorization management system and a method thereof are provided. The purpose of said system and said method is to solve the heavy loading and the difficulties to manage the authorization amount resulting from processing authorization procedures through single authorization management server. By authorizing each managing server via the authorization server, and managing the authorization amount by the managing server, said system and said method can therefore promote the efficiency of processing authorization management.

Description

200933380 九、發明說明: 【發明所屬之技術領域】 一種授權管理系統及方法,特別係指關於一種透過以授權 ' 伺服器統一授權給管理伺服器,並以管理伺服器針對授權數量 - 進行管理之階層式授權管理系統及方法。 【先前技術】 由於現今電腦儲存媒體及網路技術的快速發展,使得作業 β 系統、防毒軟體及一般應用程式等之電腦可執行平台上的程式 不僅可以透過燒錄器無限制的進行光碟片的拷貝,更可透過高 傳輸速度的網路無限制的進行傳播,因此,相較於以往電腦可 達成的技術來說’現今程式複製和傳播的便利性已大幅提昇。 然而,就程式開發者及生產者來說,程式的過度及非法傳播造 成了程式開發者研發的技術遭到剽竊,也使得程式生產者血本 無歸,因而嚴重地侵害了程式開發者及生產者的權利。 φ 有鑑於此一現象’程式開發者及生產者便建構了一套授權 機制。授權乃係一種用來保護程式智慧財產權的方式,其係透 過由使用程式的用戶端透過網路直接向授權管理伺服器進行 • δ主冊’授權管理伺服器透過用戶端傳送的註冊訊息,可以認證 用戶端是否具有使用權限,若用戶端經確認具有使用權限,便 可以被授權並啟動及使用程式,若用戶端不具有使用權限,則 程式將因未得到郷*無法使用。藉由授權管理,程式開發者 及生產者便可以避免一般大眾過度及非法傳播程式。 舉例來說,請參照「第1圖」,一般程式會針對不同群組 200933380 的使用者區分為不同授權數量的限制,例如程式使用對象係企 業、學校機關等群組或係個人等區分用戶端的授權數量等等。 饭》又現有不同群組分別為群組A11〇、群組及群組 . 每個群組中皆各自具有至少-個用戶端。在以往的授權管理方 • 式中’群組A11〇當中的用戶端⑴及m在進行安裝/卸載程 序時,必須透過各個用戶齡別對授權管理飼服器1〇〇傳送註 冊/反註冊請求,授權管理伺服器刚判斷用戶端ιη及ιΐ2 ❹ 符合使用權限時,授權管理伺服器100便傳送授權文件至群組 A110當中的用戶端U1及112上。同理,授權管理飼服器觸 將傳送授敎件至群_戶端121及群組C _戶端131 上各用戶知接收到了授權文件後,便可以更改註冊狀 態並啟動程式。 然而’在此種習知的鋪管理方式下,授齡理飼服器 100必須同時針對來自不同群組之不同用戶端分發授權文 ❹ 件,而當在同一群組内欲連上授權管理飼服器100的用戶端過 多時’便會造成授權管理系統⑽網路流量過大,從而影響授 ' 權程序的處理效能。另外,授權管理祠服器100在各用戶端分 ⑴進订5主冊/反註冊請求時’由於各用戶端皆係獨立來源,便 不^十對同一群組内的用戶端授權數量進行管理,因此,有必 要提出改進的技術手段,來解決上述問題。 【發明内容】 口馨於以上在先前技術中所提出以往透過單一授權伺 服器處理_程序《造成歸管糊㈣貞荷過重,以及授權 6 200933380 數量官理不易之現況’本發明目的在於提供一種階層式授權管 理系統及方法’可以用來解決先前技術中之待解決問題。 於本發明所揭露之階層式授權管理系統,其包括有:授權 伺服器’用以接收至少一個授權請求,並根據各授權請求傳送 對應之授權文件,其中各授權文件更包含一授權數量值;至少 一管理伺服器,其中各管理伺服器更用以:傳送授權請求至授 權伺服器上’並於接收到授權伺服器所傳送之授權文件時,啟 ❹ 動授權管理模式;及接收自至少一個用戶端發出且對應於各用 戶端之註冊/反註冊請求,並根據管理伺服器中之授權數量值 傳送對應之註冊狀態,及更新管理伺服器中之註冊數量值;及 至少一用戶端,其中各該用戶端更用以執行安裝/卸載程序, 並於執行各安裝/卸載程序時傳送各註冊/反註冊請求至各管理 伺服器上,及接收管理伺服器根據各註冊/反註冊請求所傳送 之各註冊狀態。 ❹ 於本發明所揭露之階層式授權管理方法,其包括有:管理 伺服器傳送授權請求至授權伺服器上;授權伺服器根據授權請 • 求傳送對應之授權文件,其中授權文件更包含授權數量值;當 管理伺服器接收到授權文件時,啟動授權管理模式;當用戶端 執行安裝/卸載程序時,該用戶端將傳送註冊/反註冊請求至管 理伺服器上;當管理伺服器接收到註冊/反註冊請求時,根據 管理伺服器中之授權數量值傳送對應之註冊狀態至用戶端 上;及用戶端接收註冊狀態。 透過上述的技術手段,本發明可以達成提升授權管理效能 7 200933380 之技術功效。 【實施方式】 以下將配合圖式及實施例來詳細說明本發明之實施方 • 式,藉此對本發明如何透過以授權伺服器統一授權給管理伺服 . 器,並以管理伺服器如何針對授權數量進行管理,來解決以往 透過單-授權管理舰器處理授權程序易造成授權管理飼服 器負荷過重,以及授權數量管理不易之問題,並就如何達成提 ❹ 升授權管理效能的實現過程進行說明,以供充分理解並據以實 施。 首先,請參考「第2圖」,本發明所述之階層式授權管理 系統之系統方塊圖,將說明本發明系統各組成方塊之運作。本 發明之階層式授權官理系統包含有一授權祠服器2〇〇、至少一 個管理伺服器A211及管理伺服器B221,及至少一個用戶端 212、213、222 及 223。200933380 IX. Description of the invention: [Technical field to which the invention pertains] An authorization management system and method, in particular, for managing a server by authorizing the server to be uniformly authorized to the management server and managing the number of authorizations by the management server. Hierarchical authorization management system and method. [Prior Art] Due to the rapid development of computer storage media and network technology, programs on computer executable platforms such as beta systems, anti-virus software and general applications can not only use the burner to perform optical discs without restrictions. Copying can be spread unrestrictedly through a network with a high transmission speed. Therefore, the convenience of copying and distributing the program has been greatly improved compared to the technology that can be achieved by computers in the past. However, in the case of programmers and producers, the excessive and illegal dissemination of programs has caused the plagiarism of the technology developed by the programmers, which has also made the program producers lose their money, thus seriously infringing the developers and producers. s right. In view of this phenomenon, program developers and producers have constructed a set of authorization mechanisms. Authorization is a way to protect the intellectual property rights of the program. It can be directly sent to the authorization management server through the network by the user terminal of the application. The registration message transmitted by the authorization management server through the user terminal can be Whether the authentication client has the permission to use, if the client is confirmed to have the permission to use, it can be authorized to start and use the program. If the client does not have the permission, the program will not be used because it is not available. With authorization management, programmers and producers can avoid excessive and illegal dissemination of programs by the general public. For example, please refer to "Figure 1". The general program will be divided into different authorization quantity limits for users of different groups 200933380. For example, the program uses the target company, the school institution, etc., or the individual to distinguish the user side. The number of licenses, etc. The different groups in the meal are group A11, group and group. Each group has at least one client. In the previous authorization management method, the client (1) and m in the group A11 are required to transmit the registration/anti-registration request to the authorized management server through each user age. When the authorization management server first judges that the user terminals ιη and ιΐ2 符合 meet the usage rights, the authorization management server 100 transmits the authorization file to the users U1 and 112 in the group A110. Similarly, the authorization management service device will transmit the authorization to the group_house 121 and the group C_the client 131. After the user knows that the authorization file has been received, the registration status can be changed and the program can be started. However, in this conventional shop management mode, the ageing server 100 must simultaneously distribute authorization documents for different users from different groups, and when it is in the same group, it is required to connect to the authorized management. When the number of clients of the server 100 is too large, the authorization management system (10) may cause excessive network traffic, thereby affecting the processing performance of the granting program. In addition, the authorization management server 100 assigns 5 main book/anti-registration requests to each user terminal. [Because each user terminal is an independent source, it does not manage the number of user authorizations in the same group. Therefore, it is necessary to propose improved technical means to solve the above problems. SUMMARY OF THE INVENTION The present invention has been proposed in the prior art by a single authorization server. The program "causes the veneer (4) to be overburdened, and the authorization 6 200933380 is not easy to be used." The hierarchical authorization management system and method 'can be used to solve the problem to be solved in the prior art. The hierarchical authorization management system disclosed in the present invention includes: an authorization server 'to receive at least one authorization request, and to transmit a corresponding authorization file according to each authorization request, wherein each authorization file further includes an authorization quantity value; At least one management server, wherein each management server is further configured to: transmit an authorization request to the authorization server and activate the authorization management mode when receiving the authorization file transmitted by the authorization server; and receive at least one The registration end/re-registration request sent by the client and corresponding to each client, and the corresponding registration status is transmitted according to the authorized quantity value in the management server, and the registration quantity value in the management server is updated; and at least one user end, wherein Each of the UEs is further configured to execute an install/uninstall program, and transmit each registration/anti-registration request to each management server when executing each install/uninstall program, and the receiving management server transmits the request according to each registration/anti-registration request. Each registration status. The hierarchical authorization management method disclosed in the present invention includes: the management server transmits an authorization request to the authorization server; and the authorization server transmits the corresponding authorization file according to the authorization request, wherein the authorization file further includes the authorized quantity. Value; when the management server receives the authorization file, the authorization management mode is activated; when the client performs the installation/uninstallation process, the client transmits a registration/anti-registration request to the management server; when the management server receives the registration / When the registration request is reversed, the corresponding registration status is transmitted to the client according to the authorized quantity value in the management server; and the user terminal receives the registration status. Through the above technical means, the present invention can achieve the technical effect of improving the authorization management performance 7 200933380. [Embodiment] The embodiments of the present invention will be described in detail below with reference to the drawings and embodiments, thereby how the invention can be uniformly authorized to the management server by the authorization server, and how the management server is directed to the authorized number. Management is carried out to solve the problem that the authorization management device is overloaded by the single-authorization management ship, and the authorization quantity management is not easy, and the implementation process of how to achieve the authorization management performance is explained. For full understanding and implementation. First, please refer to "FIG. 2", a system block diagram of the hierarchical authorization management system of the present invention, which will explain the operation of each component block of the system of the present invention. The hierarchical authorization system of the present invention comprises an authorization server, at least one management server A211 and management server B221, and at least one client 212, 213, 222 and 223.

❹ 授權伺服器200,用以接收來自至少一個管理伺服器A2U 及管理祠服器B221之授權請求’並根據來自管理祠服器A211 • 及管理伺服器B221的各授權請求傳送對應之授權文件。授權 文件中除了可以具有授權數量值外,同時也可以包含用戶名、 產品流水號、產品序號及版本號等任何授權所需要的資訊,而 本發明在此則不加以限定。 至少一個管理伺服器A211及管理伺服器B221,各個管 理伺服器211及管理伺服器B221可以根據不同群組A210及 群組B220分別設置,同時可以用來傳送一個授權請求到授權 8 200933380 伺服器200,以便取得授權文件。例如:某公司可設置一台專 屬於自己公司的管理伺服器A211,透過管理伺服器A2u,可 以向授權偃器2GG傳送授權請求,授權伺服器在接收到 . 授權5月求後’便會根據授權請求來產生相對應的授權文件,然The authorization server 200 is configured to receive an authorization request from at least one of the management server A2U and the management server B221 and transmit a corresponding authorization file according to each authorization request from the management server A211 and the management server B221. The authorization file may include the authorization quantity value, and may also include the information required for any authorization such as the user name, the product serial number, the product serial number, and the version number, and the present invention is not limited herein. At least one management server A211 and management server B221, each management server 211 and management server B221 can be respectively set according to different groups A210 and group B220, and can also be used to transmit an authorization request to the authorization 8 200933380 server 200. In order to obtain an authorization file. For example, a company can set up a management server A211 dedicated to its own company. Through the management server A2u, it can transmit an authorization request to the authorization device 2GG, and the authorization server receives the authorization. After the authorization is requested in May, it will be based on Authorize the request to generate the corresponding authorization file,

* 後將授權文件傳送到管理舰器A211當巾。管理舰器A2U 接收到授敎件後,便纽紐權管賴式,此時便可接收來 自管理飼服器A211所屬之群組A21〇的用戶端212及213執 ❹ 行安裝/卸載程序時所傳送的註冊/反註冊請求。同理,管理伺 服器B221與授權管理伺服器2〇〇、用戶端222及223之間的 運作方式亦相似,在此則不加贅述。 當管刻服H A211及管理销㈣B221接收到註冊/反註 冊請求時,將會先輯目前的註冊數量值與授敎件當中的授 權數量值。用戶端212、213、222及223執行安裝程序時,會 對管理伺服器A211及管理伺服器B221發出註冊請求,若註 ❿ 冊數量值不大於授權數量值,則代表目前的註冊數量尚未超出 授權可以使用程式的用戶數量,因此管理飼服器A21l及管理 舰1 B221將會傳m賴的註冊狀態給提出註冊請求 的用戶端212、213、222及223 ’當用戶端212、213、222及 223接收到已註冊的註冊狀態時,便可以繼續執行安裝程式直 到完成安裝動作,同時,也可以更新用戶端212、213、222 及223本地的註冊表。若執行安裝程序時註冊數量值大於授權 數量值’便表示欲註冊的用戶數量已經超過允許使用程式的用 戶數量,則管理伺服器A211及管理伺服器B22l便會拒絕註 9 200933380 冊’並傳送未註冊的註冊狀態,此時用戶端212、213、222 及223將會跳出安裳程序。另外,若用戶端 212'213 ' 222 及223執行的是卸载程序時,便會發出反註冊請求,此時管理 ' 舰器A211及管理做II B221將傳回未註冊的註冊狀態訊 息。 而由於識別用戶端212、213、222及223之前的註冊狀態 疋否為已註冊係透過觸網卡位址來達成,因此用戶端的網卡 ❹ 不能任意拆卸’同樣地,在管理伺服器A211及管理伺服器 B221中,也都具有網卡,因此可以透過網卡位址來作為授權 時的唯一識別。 接下來,將以「第2圖」及「第3圖」配合一實施例來說 明本發明之作法。 假设現有兩群組’分別為群組A21〇及群組B22〇,每個 群組當中皆設置有自己的管理祠服器,如「第2圖」中所示, ❹ 群組A210設置有管理伺服器A2U,群組B220中設置有管理 祠服器B221 ’同時管理词服器A211用以對欲進行註冊的用 戶端212及213進行授權管理,管理伺服器B221用以對欲進 行s主冊的用戶222及223進行授權管理。 如「第3圖」所示’首先,管理伺服器八^丨及管理伺服 器B221可以分別傳送授權請求至授權伺服器2〇〇 (步驟 3〇1) ’當授權伺服器200接收到各授權請求後,將根據各授權 请求傳送對應的授權文件至管理伺服器A2U及管理伺服器 B221上(步驟302)。授權管理文件當中,皆包含了各個群組 200933380 A210及群組B220的授權數量值。當管理伺服器A2n及管理 伺服器B221接收到授權伺服器2〇〇所產生之授權文件後,便 啟動授權管理模式(步驟303)。 . 當群組A210當中的用戶端212及213執行安裝/卸載程序 時’將會傳送註冊/反註冊請求至管理伺服器A211(步驟 3〇4) ’同樣地’群組B220當中的用戶端222及223執行安裝/ 卸載程序時,將會傳送註冊/反註冊請求至管理伺服器B221。 ❹ 當管理伺服器A211及管理伺服器B221接收到註冊/反註 冊π求時’會根據自授權伺服器2〇〇所接收的授權文件進行授 權管理’亦即管理飼服器Α211及|理祠服器Β221將會根據 授權類別及授權數量值傳送對應之註冊狀態至用戶端212、 2Π、222及223 (步驟305)。最後,用戶端212、213、222及 223便會接收到對應的註冊狀態(步驟3〇6)。 需要特別it行說_是,註驗祕根觀對註冊/反註 ❹ 求與授權數量值後所決定的。舉例來說,用戶端2丨2執行 安裝程序時發出了—個註冊請求^時管理伺服器A叫的 歸數里值仍小於授權數量值,或用戶端212先前的註冊狀態 匕經是⑽冊,則管理伺鮮A2U便會傳回已註冊的註冊狀 態’而當用戶端212接收到已註冊的註冊狀態時 ’便可以繼續 執行女裝&序直至安裝完成,並更_戶端2丨2的註冊表,以 及通知管理錬器趟更新授權數量值。若用戶端212發出 崎請求時已超過授權數量值,則此時管理飼服器趟便會 傳回未註冊的註冊狀態,用戶端212於接收到未註冊的註冊狀 200933380 態時,便會跳出安裝程序。 此外,各用戶端212、213、222及223和各管理伺服器 A211及管理词服器B221皆具有網卡,而網卡位址則可以作 • 為授權請求及註冊/反註冊請求時的識別。 • 最後,請參照本發明之圖式「第1圖」習知技術及「第2 圖」本發明之系統方塊圖,以往的授權管理係透過單一授權管 理伺服器1GG針對來自不同群組的用戶端進行授權,同一群組 ❹ 透過用戶端分別連線至授權管理伺服器1〇〇時,授權管理伺服 器100會因連入之用戶端過多,而造成負荷量過大之情況,同 時’授權管理伺服器100要管理同一群組的用戶端之授權數量 枯’便無法判斷該用戶端所屬之群組為何,往往造成不易管理 授權數量d題。iTij本發明透取授獅服H授權給管理 伺服器,並以管理飼服器針對授權數量進行管理之技術手段, 除了可以降低授權伺服器200的負荷量,亦可確實的針對同一 ❹ 群_賴魏量進行管理,藉此,便關_提升授權管理 效能之功效。 , 雜本發明_露之實齡式如上,惟騎之魄並非用 α直紐定本發明之專利職麵。任何本發賴屬技術領域 中具有通常知識者’在不脫離本發明所揭露之精神和範圍的前 提下’可以在實施的形式上及細節上作些許之更動。本發明之 專利保護範圍’仍須以所附之中請專利_所界定者為準。 【圖式簡單說明】 第1圖係習知技術之授權管理系統架構示意圖。 12 200933380 第2圖係本發明所述之階層式授權管理系統之系統方塊 圖。 第3圖係本發明所述之階層式授權管理方法之方法流程 圖。 【主要元件符號說明】 100 授權管理伺服器* After the authorization file is transferred to the management ship A211 as a towel. After the management ship A2U receives the license, the button is received, and at this time, the user terminals 212 and 213 from the group A21 belonging to the management server A211 are executed to perform the installation/uninstallation process. The registered/anti-registration request transmitted. Similarly, the operation mode between the management server B221 and the authorization management server 2, the client terminals 222 and 223 is similar, and will not be described herein. When the management of the H A211 and the management pin (4) B221 receives the registration/anti-registration request, the current registration quantity value and the authorized quantity value in the authorization item will be compiled. When the client terminals 212, 213, 222, and 223 execute the installation program, a registration request is issued to the management server A211 and the management server B221. If the number of registered registers is not greater than the authorized number, the current number of registrations has not exceeded the authorization. The number of users of the program can be used, so the management server A21l and the management ship 1 B221 will pass the registration status to the client terminals 212, 213, 222 and 223 of the request for registration - when the user terminals 212, 213, 222 and When the 223 receives the registered registration status, the installation program can be continued until the installation operation is completed, and the local registry of the users 212, 213, 222, and 223 can also be updated. If the number of registered values is greater than the authorized number when executing the installer, it means that the number of users to be registered has exceeded the number of users allowed to use the program, then the management server A211 and the management server B22l will reject the note 9 200933380 and transmit Registered registration status, at this time the client terminals 212, 213, 222 and 223 will jump out of the Anshang program. In addition, if the client terminals 212'213' 222 and 223 execute the uninstallation procedure, an anti-registration request is issued. At this time, the management 'ship A211 and management II B221 will return the unregistered registration status message. However, since the registration status before the identification of the user terminals 212, 213, 222, and 223 is achieved by the registered system through the touch network card address, the network card of the user terminal cannot be arbitrarily disassembled. Similarly, the management server A211 and the management server are In the B221, the network card is also provided, so that the network card address can be used as the unique identification when authorized. Next, the operation of the present invention will be described with reference to an embodiment with "Fig. 2" and "Fig. 3". Assume that the existing two groups 'group A21〇 and group B22, respectively, each have their own management server, as shown in Figure 2, ❹ Group A210 is set to manage The server A2U, the group B220 is provided with a management server B221', and the management word server A211 is used for authorizing management of the clients 212 and 213 to be registered, and the management server B221 is used for the s main book. Users 222 and 223 perform authorization management. As shown in "Figure 3", first, the management server and the management server B221 can respectively transmit the authorization request to the authorization server 2 (step 3〇1) 'When the authorization server 200 receives the authorizations After the request, the corresponding authorization file is transmitted to the management server A2U and the management server B221 according to each authorization request (step 302). The authorization management file contains the authorized quantity values of each group 200933380 A210 and group B220. When the management server A2n and the management server B221 receive the authorization file generated by the authorization server 2, the authorization management mode is started (step 303). When the client terminals 212 and 213 in the group A210 execute the install/uninstall program, 'the registration/anti-registration request will be transmitted to the management server A211 (step 3〇4) 'samely' the client terminal 222 among the group B220. And when the installation/uninstallation program is executed 223, a registration/anti-registration request is transmitted to the management server B221. ❹ When the management server A211 and the management server B221 receive the registration/anti-registration request, they will perform authorization management according to the authorization file received from the authorization server 2〇〇, that is, the management server 211 and the management device. The server 221 will transmit the corresponding registration status to the clients 212, 2, 222, and 223 according to the authorization category and the authorized quantity value (step 305). Finally, the client terminals 212, 213, 222, and 223 receive the corresponding registration status (step 3〇6). It is necessary to say it in a special way. _Yes, it is determined after the registration/anti-injection request and the authorized quantity value. For example, when the client 2丨2 executes the installer and sends a registration request, the management server A calls the value of the credit still less than the authorized number, or the previous registration status of the client 212 is (10). , the management of the fresh A2U will return the registered registration status 'When the user terminal 212 receives the registered registration status', you can continue to perform the women's clothing & order until the installation is completed, and more _ terminal 2丨2 of the registry, as well as the notification manager 趟 update the authorized quantity value. If the user terminal 212 has exceeded the authorized quantity value when issuing the request, the management server will return the unregistered registration status, and the user terminal 212 will jump out when receiving the unregistered registration status 200933380. Installer. In addition, each of the clients 212, 213, 222, and 223 and each of the management server A211 and the management word processor B221 have a network card, and the network card address can be used for identification of an authorization request and a registration/anti-registration request. • Finally, please refer to the system diagram of the first embodiment of the present invention and the second diagram of the system block diagram of the present invention. The previous authorization management system is for users from different groups through a single authorization management server 1GG. Authorization, the same group ❹ When connecting to the authorization management server through the user terminal, the authorization management server 100 may cause excessive load due to too many users connected, and at the same time 'authorization management The server 100 has to manage the number of authorized users of the same group. It is impossible to determine the group to which the user belongs, which often causes difficulty in managing the number of authorizations. iTij The invention passes the authorization of the lion service H to the management server, and manages the feeding device for the authorized quantity. In addition to reducing the load of the authorization server 200, it can also be sure for the same group _ Lai Weiquan manages, so that it can improve the effectiveness of authorization management. , Miscellaneous invention _ The age of the dew is as above, but the rider does not use the alpha straight to determine the patent position of the invention. Any person having ordinary skill in the art will be able to make some changes in the form and details of the implementation without departing from the spirit and scope of the invention. The scope of patent protection of the present invention must still be determined by the appended claims. [Simple description of the diagram] Fig. 1 is a schematic diagram of the architecture of the authorization management system of the prior art. 12 200933380 Figure 2 is a system block diagram of the hierarchical authorization management system of the present invention. Figure 3 is a flow chart showing the method of the hierarchical authorization management method of the present invention. [Main component symbol description] 100 Authorization management server

110 群組A110 Group A

111 用戶端 112 用戶端111 Client 112 Client

120 群組B 121 用戶端120 Group B 121 Client

130 群組C 131 用戶端 132 用戶端 200 授權伺服器130 Group C 131 Client 132 Client 200 Authorized Server

210 群組A210 Group A

211 管理伺服器A 212 用戶端 213 用戶端211 Management Server A 212 Client 213 Client

220 群組B220 Group B

221 管理伺服器B 222 用戶端 223 用戶端 13 200933380 步驟301管理飼服器傳送授權請求至授權舰器 步驟观授_服器根據授權請求傳送對應之授權文件 至管理伺服器 ' 步驟303啟動授權管理模式 . 步驟304當用戶端於執行安裝/卸載程序時傳送註冊/反 註冊請求至管理伺服器 步驟305當管理伺服器接收到註冊/反註冊請求時根據授 〇 權數量值傳送對應之註冊狀態至用戶端 步驟306用戶端接收註冊狀態 14221 Management Server B 222 Client 223 Client 13 200933380 Step 301 Manages the Feeder Transfer Authorization Request to the Authorized Ship Step View _ The server transmits the corresponding authorization file to the management server according to the authorization request. Step 303 Start Authorization Management Mode. Step 304: When the client executes the install/uninstall procedure, the registration/anti-registration request is sent to the management server. Step 305: When the management server receives the registration/anti-registration request, the corresponding registration status is transmitted according to the license quantity value to Client Step 306 User Receives Registration Status 14

Claims (1)

200933380 十、申請專利範圍: 1.種階層式授權管理系統,該系統包含: 〜授權伺服器,用以接收至少一個授權請求,並根據 ' 各該授權請求傳送對應之授權文件,其中各該授權文件更 • 包含授權數量值; 至少一管理伺服器,其中各該管理伺服器更用以: 傳送該授權請求至該授權伺服器上,並於接收到 該授權伺服器所傳送之該授權文件時,啟動授權管理 模式;及 接收自至少一個用戶端發出且對應於各該用戶端 之註冊/反註冊請求,並根據該管理伺服器中之該授權 數量值傳送對應之註冊狀態,及更新該管理伺服器中 之一註冊數量值;及 至少一用戶端,其中各該用戶端更用以執行安裝/卸载 ❿ 程序,並於執行各該安裝/卸載程序時傳送各該註冊/反註冊 晴求至各該管理伺服器上,及接收該管理伺服器根據各該 註冊/反註冊請求所傳送之各該註冊狀態。 . 2.如申請專利範圍第1項所述之階層式授權管理系統,其中 各該用戶端與各該管理伺服器係以網卡位址作為各終端唯 一識別之依據。 3.如申請專利範圍第1項所述之階層式授權管理系統,其中: 當用戶端執行安裝程序時將傳送註冊請求,其中: 若該註冊數量值不大於該授權數量值,或用戶端 15 200933380 之註冊狀態已經為已註冊時 冊狀態為已註冊,·及 怒庙 該授權數量_,則管理伺 服οσ傳送之註冊狀態為未註冊;及 當用戶端執行卸載程序時將傳送反註冊請求,則管理 伺服器傳送之註冊狀態為未註冊。200933380 X. Patent application scope: 1. A hierarchical authorization management system, the system comprises: an authorization server for receiving at least one authorization request, and transmitting corresponding authorization files according to each of the authorization requests, wherein each authorization The file further includes: an authorization quantity value; at least one management server, wherein each management server is further configured to: transmit the authorization request to the authorization server, and when receiving the authorization file transmitted by the authorization server And initiating an authorization management mode; and receiving a registration/anti-registration request issued by at least one client and corresponding to each client, and transmitting a corresponding registration status according to the authorized quantity value in the management server, and updating the management One of the number of registrations in the server; and at least one client, wherein each of the clients is further configured to execute an install/uninstall program, and each of the registration/re-registration is transmitted to each of the install/uninstall programs Each of the management servers, and receiving each of the notes transmitted by the management server according to each of the registration/anti-registration requests Book status. 2. The hierarchical authorization management system according to claim 1, wherein each of the user terminals and each of the management servers uses a network card address as a basis for unique identification of each terminal. 3. The hierarchical authorization management system according to claim 1, wherein: the registration request is transmitted when the client executes the installation program, wherein: if the registration quantity value is not greater than the authorization quantity value, or the user terminal 15 The registration status of 200933380 is already registered, the status of the registered book is registered, and the authorized number of the temple is _, the registration status of the management servo οσ transmission is unregistered; and the anti-registration request is transmitted when the client executes the uninstall program. Then the registration status of the management server transmission is unregistered. 4.如申請專利範圍第3項所述之階層式授權管理系統,其中·· 當用戶端執行安裝程序時: 若用戶端触狀崎絲為已註辦,則各用 戶端完成該安裝程序;及 若用戶端接收到之註冊狀態為未註冊時,則各用 戶端跳出該安裝程序;及 當用戶端執行卸載程序時: 若用戶端接收到之註冊狀態為未註冊時,則各用 戶端完成該卸載程序。4. The hierarchical authorization management system described in claim 3, wherein when the client executes the installation program: if the user terminal is ready to be installed, each client completes the installation procedure; And if the registration status received by the user terminal is not registered, each user terminal jumps out of the installation program; and when the user end performs the uninstallation process: if the registration status received by the user terminal is not registered, each user terminal completes The uninstaller. 則管理伺服器傳送之註 5·如申請專利範圍第4項所述之階層式授權管理系統,其中 各用戶端更於完成/跳出該安裝/卸載程序時更新各用戶端 之註冊表,及通知該管理伺服器更新該註冊數量值。 6. —種階層式授權管理方法,該方法包含下列步驟: 一管理伺服器傳送一授權請求至一授權飼服器上· 5玄授權伺服器根據該授權請求傳送對應之一授權文 件’其中該授權文件更包^--授權數量值; 當該管理祠服器接收到該授權文件時,啟動—授權管 16 200933380 理模式; 當一用戶端執行一安裝/卸載程序時,該用戶端將傳送 一註冊/反註冊請求至該管理伺服器上; 當該管理伺服器接收到該註冊/反註冊請求時,根據該 管理伺服器中之該授權數量值傳送對應之一註冊狀態至該 用戶端上;及 Λ 該用戶端接收該註冊狀態。Note that the management server transmits the message. 5. The hierarchical authorization management system described in claim 4, wherein each client updates the registry of each client and completes the notification when the installation/uninstallation procedure is completed/bounced. The management server updates the registration quantity value. 6. A hierarchical authorization management method, the method comprising the following steps: a management server transmits an authorization request to an authorized feeding device, and the fifth authorization server transmits a corresponding authorization file according to the authorization request. The authorization file is further encapsulated by the authorized quantity value; when the management server receives the authorization file, the activation-authorization pipe 16 200933380 is in the mode; when a client performs an installation/uninstallation process, the client transmits a registration/anti-registration request to the management server; when the management server receives the registration/anti-registration request, transmitting a corresponding registration status to the user terminal according to the authorized quantity value in the management server ; and Λ The client receives the registration status. 7.如申請專利範圍第6項所述之階層式授權管理方法,其中 該用戶端及各該管理伺服器係以網卡位址作為各終端之唯 一識別依據。 、 8·如申料纖圍第6項所述之階層式難管理方法,其中 該方法更包含下列步驟: 當用戶端執行安裝程序時將傳送註冊請求,其中: 若該註冊數量值不大於雛權數量值,或用戶端 之註冊狀態已經為已註冊時,則管理飼服器傳送之註 冊狀態為已註冊;及 若該註冊數量值大於該授權數量值時,則管理 服器傳送之ti冊狀態絲註冊;及 冊 田用戶端執仃卸載程序時’則管理伺服器傳送之古主 狀態為未註冊。 ** 9.如申請專利制第8項所述,層式授權管理方法,其中 該方法更包含下列步驟: 虽用戶端執行安裝程序時: 200933380 戶冊狀態為一咖 ::==冊_ 未,,_ 當用戶端執行卸载程序時: 則各用 右用戶端接收到之註冊狀態為未註冊時, 戶端完成該卸載程序。 e 10.如申明專利軌圍第9項所述之階層式授權管理方法 更 冊數 該方法更包3在各用戶端完成/跳出該安裝/卸载程序時、’ 新各用戶端之A冊表,及通知該管理飼服器更新該生 量值。7. The hierarchical authorization management method according to claim 6, wherein the user terminal and each of the management servers use the network card address as the sole identification basis of each terminal. 8. The hierarchical hard management method described in Item 6 of the claim, wherein the method further comprises the following steps: when the client executes the installer, a registration request is transmitted, wherein: if the registered quantity value is not greater than the young If the weight quantity value, or the registration status of the user end is already registered, the registration status of the management feeder is registered; and if the registration quantity value is greater than the authorized quantity value, the management server transmits the ti book Status silk registration; and when the Ueda user performs the uninstallation procedure, the old status of the management server transmission is unregistered. ** 9. As described in Item 8 of the patent application system, the layer authorization management method, wherein the method further comprises the following steps: Although the client executes the installer: 200933380 The status of the book is one coffee::==book_ ,, _ When the client executes the uninstaller: When the registration status received by each right client is unregistered, the client completes the uninstaller. e 10. If the number of the hierarchical authorization management methods described in item 9 of the patent track is more than the number 3, the method of package 3 is completed/bounced out of the installation/uninstallation procedure at each client, And notifying the management feeding device to update the raw value.
TW97103009A 2008-01-25 2008-01-25 Hierarchical authorization management system and method thereof TW200933380A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW97103009A TW200933380A (en) 2008-01-25 2008-01-25 Hierarchical authorization management system and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW97103009A TW200933380A (en) 2008-01-25 2008-01-25 Hierarchical authorization management system and method thereof

Publications (1)

Publication Number Publication Date
TW200933380A true TW200933380A (en) 2009-08-01

Family

ID=44865879

Family Applications (1)

Application Number Title Priority Date Filing Date
TW97103009A TW200933380A (en) 2008-01-25 2008-01-25 Hierarchical authorization management system and method thereof

Country Status (1)

Country Link
TW (1) TW200933380A (en)

Similar Documents

Publication Publication Date Title
WO2018072471A1 (en) Detection method, device and system for copyright protection
CN109478298B (en) Method and system for realizing block chain
JP5863128B2 (en) Software license control
CN107113300B (en) Multi-faceted computing instance identity
TWI413908B (en) Flexible licensing architecture for licensing digital application
JP4912406B2 (en) Transfer of digital license from the first platform to the second platform
US9003541B1 (en) Method and apparatus for desktop product license portability with user identity subscription using durable tokens
KR101492757B1 (en) Application usage policy enforcement
US20110213971A1 (en) Method and apparatus for providing rights management at file system level
JP2003500722A (en) Information protection method and device
US20060069653A1 (en) First computer process and second computer process proxy-executing code on behalf of first process
TW201040783A (en) Enhanced product functionality based on user identification
KR20030040427A (en) Systems and methods for integrity certification and verification of content consumption environments
US20080276321A1 (en) Secure Transfer Of Product-Activated Software To A New Machine Using A Genuine Server
CN103838987A (en) Software license dynamic authorization management method based on local area network
US20080165967A1 (en) Method and Device For Migrating a Specifically Encrypted Access Object From a First Terminal Unit to a Second Terminal Unit
Jakobsson et al. Discouraging software piracy using software aging
US9154508B2 (en) Domain membership rights object
TW202004635A (en) Method for processing a secure financial transaction using a commercial off-the-shelf or an internet of things device
US7979911B2 (en) First computer process and second computer process proxy-executing code from third computer process on behalf of first process
US20230245102A1 (en) Non Fungible Token (NFT) Based Licensing and Digital Rights Management (DRM) for Software and Other Digital Assets
US20220383282A1 (en) Digital rights management using distributed ledgers
TW200933380A (en) Hierarchical authorization management system and method thereof
JP6463337B2 (en) Remote installation of digital content
JP5338843B2 (en) Server apparatus and communication method