TW202409861A - Authorization system, method and computer readable medium for software component usage - Google Patents

Authorization system, method and computer readable medium for software component usage Download PDF

Info

Publication number
TW202409861A
TW202409861A TW111130607A TW111130607A TW202409861A TW 202409861 A TW202409861 A TW 202409861A TW 111130607 A TW111130607 A TW 111130607A TW 111130607 A TW111130607 A TW 111130607A TW 202409861 A TW202409861 A TW 202409861A
Authority
TW
Taiwan
Prior art keywords
software component
user device
software
token
environment information
Prior art date
Application number
TW111130607A
Other languages
Chinese (zh)
Other versions
TWI816510B (en
Inventor
温立欣
張佳峰
洪嘉駿
張桂魁
官有富
繆嘉新
Original Assignee
中華電信股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中華電信股份有限公司 filed Critical 中華電信股份有限公司
Priority to TW111130607A priority Critical patent/TWI816510B/en
Application granted granted Critical
Publication of TWI816510B publication Critical patent/TWI816510B/en
Publication of TW202409861A publication Critical patent/TW202409861A/en

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses an authorization system, method and computer readable medium for software component usage. A user device unforgeable token through an electronic device is produced according to a software component usage period, a software component warranty period and agreed user device environment information, and a software component unforgeable token for a software component is produced, and then combines the software component with the user device unforgeable token and the software component unforgeable token to insert into the user device. Next, when the user device wants to start the execution of the software component, the software component shall use the software component usage period, the software component warranty period and the agreed user device environment information of the user device unforgeable token and the software component unforgeable token to automatically or actively perform authorization check of the software components for the user device.

Description

軟體組件使用之授權系統、方法及電腦可讀媒介 Authorization systems, methods and computer-readable media for use of software components

本發明係關於一種軟體組件授權技術,特別是指一種軟體組件使用之授權系統、方法及電腦可讀媒介。 The present invention relates to a software component authorization technology, and in particular to an authorization system, method and computer-readable medium for the use of software components.

在資訊爆炸之現今社會中,每天以網路作為媒介傳播之軟體、音樂、視頻、遊戲等之資訊量極其龐大,但對於軟體組件發行端之各種軟體組件(如軟體/韌體/應用程式等),大多數的使用者並未知悉如何透過使用者裝置檢查或驗證各種軟體組件之來源性或合法性,亦無法於使用者裝置中自動或主動執行軟體組件之驗證授權或終止授權。 In today's information explosion society, the amount of information such as software, music, video, games, etc. that is disseminated through the Internet every day is extremely huge. However, for various software components (such as software/firmware/applications, etc.) on the software component distribution side, most users do not know how to check or verify the source or legitimacy of various software components through user devices, nor can they automatically or proactively perform verification and authorization or terminate authorization of software components in user devices.

在一現有技術中,提出一種使用軟體認證鏈進行軟體認證之方法及系統,係以位於軟體管理中心之管理系統所發放之軟體認證鏈,對已安裝或即將安裝在軟體載具上之軟體進行認證。 In an existing technology, a method and system for software authentication using a software authentication chain are proposed. The software authentication chain issued by the management system located in the software management center is used to perform software authentication on the software that has been installed or will be installed on the software carrier. Certification.

在另一現有技術中,提出一種基於應用數位簽名認證之開放API(應用程式介面)公共授權存取控制之方法,係以聯盟或第三方公共服務平台之形式建立開放API之公共授權機制,只有經過聯盟或公共服務平台 認證之Web(網路)應用程式或應用軟體產品才可以被授權使用聯盟或第三方公共服務平台內部之開放API。 In another prior art, a method of public authorization access control of open API (Application Programming Interface) based on application of digital signature authentication is proposed. A public authorization mechanism for open API is established in the form of an alliance or a third-party public service platform. Only Through the alliance or public service platform Only certified Web (network) applications or application software products can be authorized to use open APIs within the alliance or third-party public service platforms.

惟,上述現有技術皆無法由軟體組件發行端產生(產製出)具有可靠性、合法性與不可否認性之使用者裝置不可偽冒符記與軟體組件不可偽冒符記,且無法利用使用者裝置不可偽冒符記與軟體組件不可偽冒符記作為軟體組件之授權檢查之信任基礎,亦無法將使用者裝置不可偽冒符記結合各種時間資訊與使用者裝置環境資訊以達到軟體組件之授權檢查,也無法由軟體組件發行端公佈一公開資訊以驗證軟體組件不可偽冒符記之真偽,更無法在軟體組件不可偽冒符記之產生(產製)過程中加入軟體組件釋出時間或黑名單之使用者裝置環境資訊,以於使用者裝置出現違約時對軟體組件之使用授權進行限制或終止。 However, the above-mentioned existing technologies cannot generate (produce) user device non-counterfeiting symbols and software component non-counterfeiting symbols with reliability, legality and non-repudiation by the software component issuer, and cannot be used. The non-counterfeiting token of the user device and the non-counterfeiting token of the software component serve as the basis of trust for the authorization check of the software component. It is also impossible to combine the non-counterfeiting token of the user device with various time information and user device environment information to achieve the goal of software components. It is also impossible for the software component issuer to publish a public information to verify the authenticity of the software component's non-counterfeiting symbol, nor to include a software component explanation in the production (production) process of the software component's non-counterfeiting symbol. The user device environment information of the timeout or blacklist is used to restrict or terminate the use authorization of the software components when the user device defaults.

因此,如何提供一種創新之軟體組件授權技術,以解決上述之任一問題或提供相關之功能/服務,已成為本領域技術人員之一大研究課題。 Therefore, how to provide an innovative software component licensing technology to solve any of the above problems or provide related functions/services has become a major research topic for technical personnel in this field.

本發明提供一種創新之軟體組件使用之授權系統、方法及電腦可讀媒介,係能由軟體組件發行端產生(產製出)具有可靠性、合法性與不可否認性之使用者裝置不可偽冒符記與軟體組件不可偽冒符記,且利用使用者裝置不可偽冒符記與軟體組件不可偽冒符記作為軟體組件之授權檢查之信任基礎,或者將使用者裝置不可偽冒符記結合各種時間資訊(如軟體組件使用期限/軟體組件保固期限)與使用者裝置環境資訊以達到軟體組件之授 權檢查,亦或者由軟體組件發行端公佈一公開資訊以驗證軟體組件不可偽冒符記之真偽,又或者在軟體組件不可偽冒符記之產生(產製)過程中加入軟體組件釋出時間或黑名單之使用者裝置環境資訊,以於使用者裝置出現違約時對軟體組件之使用授權進行限制或終止。 The present invention provides an innovative authorization system, method and computer-readable medium for the use of software components, which can generate (produce) user devices with reliability, legality and non-repudiation by the software component issuing end and cannot be counterfeited. The token and the software component cannot be counterfeited, and the user device uncounterfeitable token and the software component uncounterfeitable token can be used as the basis of trust for the authorization check of the software component, or the user device uncounterfeitable token can be combined Various time information (such as software component usage period/software component warranty period) and user device environment information to achieve software component authorization Authorization inspection, or the software component issuer publishes a public information to verify the authenticity of the software component non-counterfeiting symbol, or adds software component release during the generation (production) process of the software component non-counterfeiting symbol Time or user device environment information in the blacklist to limit or terminate the use authorization of software components when the user device defaults.

本發明之軟體組件使用之授權系統包括:電子裝置,係依據軟體組件之軟體組件使用期限、軟體組件保固期限與約定之使用者裝置環境資訊產生使用者裝置不可偽冒符記,且電子裝置針對軟體組件產生軟體組件不可偽冒符記;以及至少一使用者裝置,係與電子裝置互相連結或通訊,以透過電子裝置將軟體組件結合使用者裝置不可偽冒符記與軟體組件不可偽冒符記,再將所結合之使用者裝置不可偽冒符記、軟體組件不可偽冒符記與軟體組件置入使用者裝置中,其中,當使用者裝置欲啟動執行軟體組件時,由軟體組件利用使用者裝置中之使用者裝置不可偽冒符記之軟體組件使用期限、軟體組件保固期限與約定之使用者裝置環境資訊及軟體組件不可偽冒符記,以自動或主動對使用者裝置進行軟體組件之授權檢查。 The software component authorization system of the present invention includes: an electronic device, which generates a user device non-counterfeit token based on the software component usage period, the software component warranty period and the agreed user device environment information of the software component, and the electronic device generates the software component non-counterfeit token for the software component; and at least one user device is interconnected or communicated with the electronic device to combine the software component with the user device non-counterfeit token and the software component non-counterfeit token through the electronic device. token, and then place the combined user device unforgeable token, software component unforgeable token and software component into the user device, wherein when the user device wants to start and execute the software component, the software component uses the software component usage period, software component warranty period and agreed user device environment information of the user device unforgeable token in the user device and the software component unforgeable token to automatically or proactively perform an authorization check on the user device for the software component.

本發明之軟體組件使用之授權方法包括:透過電子裝置依據軟體組件之軟體組件使用期限、軟體組件保固期限與約定之使用者裝置環境資訊產生使用者裝置不可偽冒符記,且透過電子裝置針對軟體組件產生軟體組件不可偽冒符記;透過電子裝置將軟體組件結合使用者裝置不可偽冒符記與軟體組件不可偽冒符記,以將所結合之使用者裝置不可偽冒符記、軟體組件不可偽冒符記與軟體組件置入使用者裝置;以及當使用者裝置欲啟動執行軟體組件時,由軟體組件利用使用者裝置中之使用者裝置不可偽冒符記之軟體組件使用期限、軟體組件保固期限與約定之使用者裝置環境資訊及軟體組 件不可偽冒符記,以自動或主動對使用者裝置進行軟體組件之授權檢查。 The software component use authorization method of the present invention includes: generating a user device non-counterfeit token through an electronic device according to the software component use period, the software component warranty period and the agreed user device environment information of the software component, and generating a software component non-counterfeit token for the software component through the electronic device; combining the software component with the user device non-counterfeit token and the software component non-counterfeit token through the electronic device to make the combined user device non-counterfeit token The user device cannot be forged token, the software component cannot be forged token, and the software component are placed in the user device; and when the user device wants to start and execute the software component, the software component uses the software component usage period of the user device cannot be forged token, the software component warranty period, the agreed user device environment information, and the software component cannot be forged token in the user device to automatically or proactively perform an authorization check on the user device for the software component.

本發明之電腦可讀媒介應用於計算裝置或電腦中,係儲存有指令,以執行上述之軟體組件使用之授權方法。 The computer-readable medium of the present invention is applied to a computing device or a computer and stores instructions for executing the authorization method for using the above-mentioned software components.

為使本發明之上述特徵與優點能更明顯易懂,下文特舉實施例,並配合所附圖式作詳細說明。在以下描述內容中將部分闡述本發明之額外特徵及優點,且此等特徵及優點將部分自所述描述內容可得而知,或可藉由對本發明之實踐習得。應理解,前文一般描述與以下詳細描述二者均為例示性及解釋性的,且不欲約束本發明所欲主張之範圍。 In order to make the above features and advantages of the present invention more clearly understandable, the following examples are given and detailed descriptions are provided in conjunction with the attached drawings. The following description will partially explain the additional features and advantages of the present invention, and these features and advantages will be partially known from the description or can be learned through the practice of the present invention. It should be understood that both the general description above and the detailed description below are exemplary and explanatory, and are not intended to limit the scope of the present invention.

1:軟體組件使用之授權系統 1: Authorization system for the use of software components

10:電子裝置 10: Electronic devices

11:使用者裝置不可偽冒符記 11: User devices cannot forge tokens

111:軟體組件使用期限 111: Software component usage period

112:軟體組件保固期限 112: Software component warranty period

113:約定之使用者裝置環境資訊 113: Agreed user device environment information

12:軟體組件不可偽冒符記 12: Software components cannot forge tokens

121:軟體組件釋出時間 121:Software component release time

122:黑名單之使用者裝置環境資訊 122: Blacklist user device environment information

13:軟體組件 13: Software components

20:使用者裝置 20: User device

21:使用者裝置環境資訊 21: User device environment information

A:軟體組件發行端 A: Software component distributor

B:使用者 B:User

S01至510:步驟 S01 to 510: Steps

圖1為本發明之軟體組件使用之授權系統之架構示意圖。 Figure 1 is a schematic diagram of the architecture of the authorization system used by the software components of the present invention.

圖2為本發明之軟體組件使用之授權方法中有關軟體組件於使用者裝置中之授權檢查之流程示意圖。 FIG. 2 is a schematic flowchart of the authorization check of the software component in the user device in the authorization method for the use of the software component of the present invention.

以下藉由特定的具體實施形態說明本發明之實施方式,熟悉此技術之人士可由本說明書所揭示之內容了解本發明之其它優點與功效,亦可因而藉由其它不同具體等同實施形態加以施行或運用。 The following describes the embodiments of the present invention through specific specific embodiments. Those skilled in the art can understand other advantages and effects of the present invention from the content disclosed in this specification, and can also implement it through other different specific equivalent embodiments or Use.

圖1為本發明之軟體組件使用之授權系統1之架構示意圖。如圖所示,軟體組件使用之授權系統1可包括互相連結或通訊之至少一(如複數)軟體組件發行端A之電子裝置10以及至少一(如複數)使用者B之使用者裝置20等。軟體組件發行端A可透過電子裝置10產生(產製出)具有可 靠性、合法性與不可否認性之使用者裝置不可偽冒符記11與軟體組件不可偽冒符記12,以由軟體組件發行端A透過電子裝置10將軟體組件13結合(搭配)使用者裝置不可偽冒符記11與軟體組件不可偽冒符記12後置入使用者裝置20。使用者裝置不可偽冒符記11可至少包括軟體組件使用期限111、軟體組件保固期限112與約定之使用者裝置環境資訊113等,且軟體組件不可偽冒符記12可至少包括軟體組件釋出時間121與黑名單之使用者裝置環境資訊122(如黑名單之使用者裝置環境資訊列表/清單)等。 Figure 1 is a schematic structural diagram of an authorization system 1 used by software components of the present invention. As shown in the figure, the authorization system 1 for the use of software components may include at least one (such as plural) electronic device 10 of the software component issuer A and at least one (such as plural) user device 20 of user B that are connected or communicated with each other. . The software component issuer A can generate (produce) a software component through the electronic device 10 The user device non-counterfeiting sign 11 and the software component non-counterfeiting sign 12 of reliability, legality and non-repudiation are used by the software component issuer A to combine (match) the software component 13 with the user through the electronic device 10 The device non-counterfeiting token 11 and the software component non-counterfeiting token 12 are then installed into the user device 20 . The user device non-counterfeiting sign 11 may at least include the software component usage period 111, the software component warranty period 112, the agreed user device environment information 113, etc., and the software component non-counterfeiting sign 12 may at least include the software component release The time 121 and the user device environment information 122 of the blacklist (such as the user device environment information list/list of the blacklist), etc.

在一實施例中,軟體組件13可為各式各樣之軟體(software)、韌體(firmware)、應用軟體、應用程式(APP)、軟體開發套件(Software Development Kit;SDK)、套裝軟體、電腦程式產品等,且韌體可為嵌入或儲存於硬體中之軟體。軟體組件發行端A可為發行軟體組件13之個人、團體、公司、單位、組織、機構等,使用者B可為被軟體組件發行端A授權使用軟體組件13之個人、團體、公司、單位、組織、機構等。電子裝置10或使用者裝置20可為電腦、伺服器、智慧手機、智慧手錶、智慧電視、擴增實境(AR)眼鏡、虛擬實境(VR)眼鏡、物聯網嵌入式感測電子裝置等,電腦可為平板電腦、桌上型電腦、筆記型電腦等,伺服器可為中央伺服器、雲端伺服器、網路伺服器、遠端伺服器等。 In one embodiment, the software component 13 can be various software (software), firmware (firmware), application software, application program (APP), software development kit (Software Development Kit; SDK), packaged software, Computer program products, etc., and firmware can be software embedded or stored in hardware. The software component issuer A can be an individual, group, company, unit, organization, institution, etc. that issues the software component 13. The user B can be an individual, group, company, unit, etc. that is authorized by the software component issuer A to use the software component 13. Organizations, institutions, etc. The electronic device 10 or the user device 20 may be a computer, a server, a smartphone, a smart watch, a smart TV, augmented reality (AR) glasses, virtual reality (VR) glasses, an IoT embedded sensing electronic device, etc. , the computer can be a tablet computer, desktop computer, notebook computer, etc., and the server can be a central server, cloud server, network server, remote server, etc.

在一實施例中,使用者裝置不可偽冒符記11可為代表、證明或專屬於使用者B或使用者裝置20之不可偽冒符記(如電子憑證、自然人憑證等),軟體組件不可偽冒符記12可為代表、證明或專屬於軟體組件13之不可偽冒符記,且使用者裝置不可偽冒符記11或軟體組件不可偽冒符記12中之「符記(token)」亦可稱為令牌、代符、訊標、通證、權杖等。 In one embodiment, the uncounterfeitable token 11 of the user device may be an uncounterfeitable token (such as an electronic certificate, a natural person certificate, etc.) that represents, certifies or is unique to the user B or the user device 20, and the software component cannot The counterfeit token 12 may be an uncounterfeitable token that represents, certifies or is unique to the software component 13, and the user device device has the uncounterfeitable token 11 or the "token" in the software component's uncounterfeitable token 12 "It can also be called token, token, beacon, pass, scepter, etc."

軟體組件使用期限111、軟體組件保固期限112、軟體組件釋出時間121與軟體組件識別資訊可分別代表軟體組件13之使用期限、保固期限、釋出時間與識別資訊。約定之使用者裝置環境資訊113可為約定之硬體識別碼、應用程式識別碼、作業系統識別碼及軟體開發套件識別碼之至少一者,使用者裝置環境資訊21可為使用者裝置20之硬體識別碼、應用程式識別碼、作業系統識別碼及軟體開發套件識別碼之至少一者,「合約或約定」可代表軟體組件發行端A與使用者裝置20之真正持有者(如真正持有人)雙方之合約或約定。 The software component usage period 111, the software component warranty period 112, the software component release time 121 and the software component identification information may respectively represent the usage period, the warranty period, the release time and the identification information of the software component 13. The agreed user device environment information 113 may be at least one of the agreed hardware identifier, application identifier, operating system identifier, and software development kit identifier. The user device environment information 21 may be at least one of the hardware identifier, application identifier, operating system identifier, and software development kit identifier of the user device 20. The "contract or agreement" may represent the contract or agreement between the software component publisher A and the real owner of the user device 20 (such as the real owner).

在一實施例中,本發明所述「連結或通訊」可代表以有線方式(如有線網路)或無線方式(如無線網路)互相連結或通訊,「至少一」代表一個以上(如一、二或三個以上),「複數」代表二個以上(如二、三、四、五或十個以上)。但是,本發明並不以上述為限。 In one embodiment, the "connection or communication" mentioned in the present invention can represent mutual connection or communication through wired means (such as a wired network) or wireless means (such as a wireless network), and "at least one" means more than one (such as one, Two or more), "plural" means more than two (such as two, three, four, five or more than ten). However, the present invention is not limited to the above.

本發明之軟體組件使用之授權系統1及其方法中,先由至少一軟體組件發行端A透過電子裝置10依據軟體組件13之軟體組件使用期限111、軟體組件保固期限112與約定之使用者裝置環境資訊113產生(產製出)使用者裝置不可偽冒符記11,且由軟體組件發行端A透過電子裝置10針對軟體組件13產生(產製出)軟體組件不可偽冒符記12。繼之,由軟體組件發行端A透過電子裝置10將軟體組件13結合使用者裝置不可偽冒符記11與軟體組件不可偽冒符記12,以將所結合之使用者裝置不可偽冒符記11、軟體組件不可偽冒符記12與軟體組件13置入使用者裝置20中。當使用者裝置20欲啟動執行軟體組件13時,由軟體組件13先行利用使用者裝置20中之使用者裝置不可偽冒符記11之軟體組件使用期限111、軟體組件保固 期限112與約定之使用者裝置環境資訊113及軟體組件不可偽冒符記12,以自動或主動對使用者裝置20進行軟體組件13之授權檢查。 In the software component use authorization system 1 and its method of the present invention, at least one software component issuer A first uses the electronic device 10 according to the software component usage period 111, software component warranty period 112 and the agreed user device of the software component 13. The environment information 113 generates (produces) the user device non-counterfeiting token 11, and the software component issuer A generates (produces) the software component non-counterfeiting token 12 for the software component 13 through the electronic device 10. Subsequently, the software component issuer A combines the software component 13 with the user device non-counterfeiting symbol 11 and the software component non-counterfeiting symbol 12 through the electronic device 10, so that the combined user device non-counterfeiting symbol 12 11. The software components cannot be counterfeited to insert the token 12 and the software component 13 into the user device 20 . When the user device 20 wants to start executing the software component 13, the software component 13 first uses the software component service life 111 and software component warranty of the user device non-counterfeiting sign 11 in the user device 20. The deadline 112 and the agreed user device environment information 113 and the software component non-forgery token 12 are used to automatically or proactively perform authorization checks on the software component 13 on the user device 20 .

申言之,軟體組件發行端A透過電子裝置10在商業模式上與使用者裝置20之真正持有者簽訂合約或訂立約定後,可依據軟體組件13之各種時間資訊(如軟體組件使用期限111及軟體組件保固期限112等)與約定之使用者裝置環境資訊113(如約定之硬體識別碼/應用程式識別碼/作業系統識別碼/軟體開發套件識別碼之至少一者)產生/產製出一具有可靠性、合法性與不可否認性之使用者裝置不可偽冒符記11,且軟體組件發行端A亦可透過電子裝置10針對各種不同版本或更新版本之軟體組件13產生(產製出)一具有可靠性、合法性與不可否認性之軟體組件不可偽冒符記12。然後,軟體組件發行端A可透過電子裝置10將軟體組件13結合(搭配)使用者裝置不可偽冒符記11與軟體組件不可偽冒符記12,且將所結合(搭配)之軟體組件13、使用者裝置不可偽冒符記11與軟體組件不可偽冒符記12交付予使用者裝置20之真正持有者,以將使用者裝置不可偽冒符記11、軟體組件不可偽冒符記12與軟體組件13置入(如直接置入)使用者裝置20中。 In other words, after the software component distributor A signs a contract or makes an agreement with the real owner of the user device 20 in the business model through the electronic device 10, it can distribute the software component 13 according to various time information (such as the software component usage period 111 and the software component warranty period 112) and the agreed user device environment information 113 (such as the agreed hardware identification code/application identification code/operating system At least one of the unified identification code/software development kit identification code) generates/produces a user device non-counterfeiting token 11 with reliability, legality and non-repudiation, and the software component distributor A can also generate (produce) a software component non-counterfeiting token 12 with reliability, legality and non-repudiation for various different versions or updated versions of software components 13 through the electronic device 10. Then, the software component distributor A can combine (match) the software component 13 with the user device unforgeable token 11 and the software component unforgeable token 12 through the electronic device 10, and deliver the combined (matched) software component 13, the user device unforgeable token 11 and the software component unforgeable token 12 to the real owner of the user device 20, so as to place the user device unforgeable token 11, the software component unforgeable token 12 and the software component 13 into (such as directly into) the user device 20.

當使用者裝置20欲啟動執行軟體組件13時,軟體組件13可利用使用者裝置20中之使用者裝置不可偽冒符記11之資訊(如軟體組件使用期限111、軟體組件保固期限112、約定之使用者裝置環境資訊113)與軟體組件不可偽冒符記12,以自動或主動對使用者裝置20進行軟體組件13之授權檢查(如使用授權或保固授權之檢查)。若有必要,軟體組件13亦可從使用者裝置20中取得使用者裝置環境資訊21,以利依據使用者裝置20中之使用者裝置環境資訊21(如使用者裝置20之硬體識別碼/應用程式識別 碼/作業系統識別碼/軟體開發套件識別碼之至少一者)與使用者裝置不可偽冒符記11中約定之使用者裝置環境資訊113(如約定之硬體識別碼/應用程式識別碼/作業系統識別碼/軟體開發套件識別碼之至少一者)進行軟體組件之授權檢查(如使用授權或保固授權之檢查)。 When the user device 20 wants to start executing the software component 13, the software component 13 can use the information of the user device non-counterfeiting token 11 in the user device 20 (such as the software component usage period 111, software component warranty period 112, agreement The user device environment information 113) and the software component non-forgery token 12 are used to automatically or proactively perform authorization checks on the software components 13 (such as use authorization or warranty authorization checks) on the user device 20. If necessary, the software component 13 can also obtain the user device environment information 21 from the user device 20 to facilitate processing based on the user device environment information 21 in the user device 20 (such as the hardware identification code of the user device 20 / Application identification At least one of the code/operating system identification code/software development kit identification code) and the user device environment information 113 agreed in the user device non-counterfeiting mark 11 (such as the agreed hardware identification code/application identification code/ At least one of the operating system identification code/software development kit identification code) performs authorization check of the software component (such as use authorization or warranty authorization check).

軟體組件發行端A能產生(產製出)具有可靠性、合法性與不可否認性之使用者裝置不可偽冒符記11與軟體組件不可偽冒符記12,以利用使用者裝置不可偽冒符記11與軟體組件不可偽冒符記12確保使用者裝置20對於軟體組件13之信任。使用者裝置不可偽冒符記11之產生(產製)對象為使用者裝置20之真正持有者,軟體組件不可偽冒符記12之產生(產製)對象為各種不同版本或更新版本之軟體組件13。在軟體組件不可偽冒符記12之產生(產製)過程中,軟體組件發行端A可透過電子裝置10將軟體組件13之軟體組件釋出時間121加入軟體組件不可偽冒符記12中,必要時亦可將黑名單之使用者裝置環境資訊122(如黑名單之硬體識別碼/應用程式識別碼/作業系統識別碼/軟體開發套件識別碼之至少一者)加入軟體組件不可偽冒符記12中,以利於使用者裝置20出現違反合約或約定(違約)之情況時,依據軟體組件不可偽冒符記12中之軟體組件釋出時間121與黑名單之使用者裝置環境資訊122,對使用者裝置20進行軟體組件13(如不同版本或更新版本之軟體組件13)之使用授權之限制或終止。 The software component issuer A can generate (produce) a user device unforgeable token 11 and a software component unforgeable token 12 that are reliable, legal, and irrefutable, so as to use the user device unforgeable token 11 and the software component unforgeable token 12 to ensure the user device 20's trust in the software component 13. The user device unforgeable token 11 is generated (produced) for the real owner of the user device 20, and the software component unforgeable token 12 is generated (produced) for various versions or updated versions of the software component 13. During the generation (production) process of the software component unforgeable token 12, the software component distributor A can add the software component release time 121 of the software component 13 to the software component unforgeable token 12 through the electronic device 10, and can also add the blacklisted user device environment information 122 (such as at least one of the blacklisted hardware identifier/application identifier/operating system identifier/software development kit identifier) to the blacklisted user device environment information 122 if necessary. (i) is added to the software component non-forgery token 12, so that when the user device 20 violates the contract or agreement (breach of contract), the user device 20 is restricted or terminated from using the software component 13 (such as a different version or updated version of the software component 13) according to the software component release time 121 in the software component non-forgery token 12 and the user device environment information 122 in the blacklist.

因此,本發明之軟體組件使用之授權系統1及其方法能利用使用者裝置不可偽冒符記11(如電子憑證/自然人憑證)與軟體組件不可偽冒符記12作為軟體組件13之授權檢查(如使用授權或保固授權之檢查)之信任基礎,並將使用者裝置不可偽冒符記11結合(搭配)各種時間資訊(如軟體組 件使用期限111及軟體組件保固期限112等)與約定之使用者裝置環境資訊113(如約定之硬體識別碼/應用程式識別碼/作業系統識別碼/軟體開發套件識別碼之至少一者),以達到軟體組件13之授權檢查(如使用授權或保固授權之檢查),亦能應用於多種或不同商業模式之情境。 Therefore, the software component use authorization system 1 and method of the present invention can use the user device unforgeable token 11 (such as an electronic certificate/personal certificate) and the software component unforgeable token 12 as the trust basis for the authorization check of the software component 13 (such as the use authorization or warranty authorization check), and combine the user device unforgeable token 11 with various time information (such as the software component The software component usage period 111 and the software component warranty period 112, etc.) and the agreed user device environment information 113 (such as at least one of the agreed hardware identifier/application identifier/operating system identifier/software development kit identifier) are used to achieve the authorization check of the software component 13 (such as the use authorization or warranty authorization check), and can also be applied to multiple or different business model scenarios.

在一實施例中,本發明之軟體組件使用之授權系統1及其方法可包括下列:[1]使用者裝置不可偽冒符記11與軟體組件不可偽冒符記12之發行方法、[2]軟體組件13之授權檢查方法。 In one embodiment, the authorization system 1 and method for using software components of the present invention may include the following: [1] Issuance method of user device non-counterfeiting token 11 and software component non-counterfeiting token 12, [2] ] Authorization check method for software component 13.

[1]使用者裝置不可偽冒符記11與軟體組件不可偽冒符記12之發行方法:可包括下列程序P11至程序P13。 [1] The method for issuing the user device unforgeable token 11 and the software component unforgeable token 12 may include the following steps P11 to P13.

程序P11:軟體組件發行端A擁有並透過電子裝置10公佈能用於驗證由軟體組件發行端A所產生(產製)之使用者裝置不可偽冒符記11與軟體組件不可偽冒符記12之公開資訊(如公開驗證資訊)。亦即,軟體組件發行端A能透過電子裝置10公佈一公開資訊(如公開驗證資訊),以供軟體組件13利用公開資訊(如公開驗證資訊)自動或主動驗證軟體組件發行端A往後所產生(產製)之使用者裝置不可偽冒符記11與軟體組件不可偽冒符記12之真偽。 Procedure P11: The software component issuer A owns and publishes through the electronic device 10 the user device non-counterfeiting token 11 and the software component non-counterfeiting token 12 that can be used to verify that the software component issuer A generated (produced) Public information (such as public verification information). That is to say, the software component issuer A can publish a public information (such as public verification information) through the electronic device 10, so that the software component 13 can use the public information (such as public verification information) to automatically or actively verify the software component issuer A in the future. The generated user device cannot counterfeit the token 11 and the software component cannot counterfeit the authenticity of the token 12 .

程序P12:軟體組件發行端A透過電子裝置10針對不同合約下之使用者B之使用者裝置20產生(產製)及交付對應(不同)之使用者裝置不可偽冒符記11,使用者裝置不可偽冒符記11可包括軟體組件13之軟體組件資訊、軟體組件使用期限111、軟體組件保固期限112、軟體組件釋出時間121與約定之使用者裝置環境資訊113等各種資訊,且軟體組件資訊包括能識別軟體組件發行端A所授權使用之軟體組件13之相關資訊。亦 即,軟體組件發行端A可透過電子裝置10針對合約或約定之內容所發行之使用者裝置不可偽冒符記11記載各項可供授權使用驗證之資訊。 Procedure P12: The software component issuer A generates (produces) and delivers the corresponding (different) user device non-counterfeit token 11 to the user device 20 of user B under different contracts through the electronic device 10, and the user device The non-counterfeiting mark 11 may include various information such as software component information of the software component 13, software component usage period 111, software component warranty period 112, software component release time 121 and agreed user device environment information 113, and the software component The information includes relevant information that can identify the software component 13 authorized for use by the software component issuer A. as well as That is, the software component issuer A can record various information that can be verified for authorized use through the user device non-counterfeiting token 11 issued by the electronic device 10 according to the content of the contract or agreement.

程序P13:軟體組件發行端A透過電子裝置10針對不同版本或更新版本之軟體組件13產生相對應之軟體組件不可偽冒符記12,以將軟體組件不可偽冒符記12與軟體組件13一同釋出至使用者B之使用者裝置20,軟體組件不可偽冒符記12可包括軟體組件13之軟體組件資訊、軟體組件識別資訊、軟體組件釋出時間121、黑名單之使用者裝置環境資訊122(如黑名單之硬體識別碼/應用程式識別碼/作業系統識別碼/軟體開發套件識別碼之至少一者)等各種資訊,且軟體組件識別資訊可包括能識別軟體組件13之完整性及差異性之相關資訊。亦即,軟體組件發行端A可透過電子裝置10針對釋出軟體組件13所產生(產製)之軟體組件不可偽冒符記12記載各項可供授權使用驗證之資訊。 Procedure P13: The software component distributor A generates a corresponding software component unforgeable token 12 for a different version or updated version of the software component 13 through the electronic device 10, and releases the software component unforgeable token 12 and the software component 13 to the user device 20 of the user B. The software component unforgeable token 12 may include the software component 13. Information, software component identification information, software component release time 121, blacklisted user device environment information 122 (such as at least one of the blacklisted hardware identification code/application identification code/operating system identification code/software development kit identification code), and the software component identification information may include relevant information that can identify the integrity and difference of the software component 13. That is, the software component distributor A can record various information that can be used for authorized use verification in the software component non-forgery token 12 generated (produced) by the electronic device 10 for the released software component 13.

[2]軟體組件13之授權檢查方法:可包括下列程序P21至程序P28。 [2] Authorization checking method for software component 13: may include the following procedures P21 to P28.

程序P21:使用者B透過使用者裝置20將軟體組件發行端A之公開資訊(如公開驗證資訊)、使用者裝置不可偽冒符記11、軟體組件不可偽冒符記12與軟體組件13整合至使用者裝置20作使用。亦即,使用者B可透過使用者裝置20將軟體組件發行端A所提供之公開資訊(如公開驗證資訊)、使用者裝置不可偽冒符記11、軟體組件不可偽冒符記12與軟體組件13整合至使用者裝置20作使用,以於軟體組件13之功能運作前,能先行啟動軟體組件13之授權檢查機制。 Procedure P21: User B integrates the public information (such as public verification information) of the software component issuer A, the user device non-counterfeiting token 11, the software component non-counterfeiting token 12 and the software component 13 through the user device 20 to the user device 20 for use. That is, user B can use the user device 20 to combine the public information (such as public verification information) provided by the software component issuer A, the user device non-counterfeiting symbol 11, the software component non-counterfeiting symbol 12 with the software. The component 13 is integrated into the user device 20 for use, so that the authorization check mechanism of the software component 13 can be activated before the function of the software component 13 is operated.

程序P22:使用者裝置20驗證軟體組件13之來源性,且來 源性可為軟體組件13之來源可靠性、來源合法性或來源不可否認性。亦即,使用者裝置20可利用軟體組件發行端A所公佈之公開資訊(如公開驗證資訊)自動或主動驗證軟體組件13之來源性,以依據軟體組件13之來源性之驗證結果判定使用者裝置20能否使用此軟體組件13。例如,當軟體組件13之來源性之驗證結果為驗證通過(驗證成功)時,可初步判定使用者裝置20有望或能使用此軟體組件13,亦可在程序P22至P28之驗證結果皆為驗證通過(驗證成功)才最終判定使用者裝置20能使用此軟體組件13(但不以此為限)。反之,當軟體組件13之來源性之驗證結果為未驗證通過(驗證失敗)時,直接判定使用者裝置20無法使用此軟體組件13。 Procedure P22: The user device 20 verifies the origin of the software component 13, and then The origin may be the source reliability, source legality or source non-repudiation of the software component 13 . That is, the user device 20 can use the public information (such as public verification information) published by the software component issuer A to automatically or actively verify the source of the software component 13, so as to determine the user based on the verification result of the source of the software component 13. Whether the device 20 can use this software component 13. For example, when the verification result of the source of the software component 13 is verification passed (verification successful), it can be preliminarily determined that the user device 20 is expected or able to use this software component 13, or the verification results in procedures P22 to P28 can all be verification. Only through (successful verification) can it be finally determined that the user device 20 can use the software component 13 (but is not limited to this). On the contrary, when the verification result of the source of the software component 13 is unverified (verification failed), it is directly determined that the user device 20 cannot use the software component 13 .

程序P23:軟體組件13驗證使用者裝置不可偽冒符記11之來源性及正確性,且來源性可為使用者裝置不可偽冒符記11之來源可靠性、來源合法性或來源不可否認性。亦即,軟體組件13可利用軟體組件發行端A所公佈之公開資訊(如公開驗證資訊)自動或主動驗證使用者裝置不可偽冒符記11之來源性及正確性,以依據使用者裝置不可偽冒符記11之來源性及正確性之驗證結果判定使用者裝置20能否使用此軟體組件13。例如,當使用者裝置不可偽冒符記11之來源性及正確性之驗證結果為驗證通過(驗證成功)時,可初步判定使用者裝置20有望或能使用此軟體組件13,亦可在程序P22至P28之驗證結果皆為驗證通過(驗證成功)才最終判定使用者裝置20能使用此軟體組件13(但不以此為限)。反之,當使用者裝置不可偽冒符記11之來源性及正確性之驗證結果為未驗證通過(驗證失敗)時,直接判定使用者裝置20無法使用此軟體組件13。 Procedure P23: The software component 13 verifies the source and correctness of the uncounterfeitable symbol 11 of the user device, and the source can be the source reliability, source legality or source non-repudiation of the user device's uncounterfeitable symbol 11 . That is to say, the software component 13 can automatically or proactively verify the source and correctness of the user device's non-counterfeit mark 11 by using the public information (such as public verification information) published by the software component issuer A to ensure that the user device cannot be counterfeited according to the user's device. The verification results of the origin and correctness of the counterfeit token 11 determine whether the user device 20 can use the software component 13 . For example, when the verification result of the source and correctness of the uncounterfeitable token 11 of the user device is verification passed (verification successful), it can be preliminarily determined that the user device 20 is expected or able to use the software component 13, and it can also be determined in the program The verification results from P22 to P28 are all verification passed (verification successful) before it is finally determined that the user device 20 can use the software component 13 (but is not limited to this). On the contrary, when the verification result of the source and correctness of the user device's unforgeable token 11 is unverified (verification failed), it is directly determined that the user device 20 cannot use the software component 13 .

程序P24:軟體組件13驗證軟體組件不可偽冒符記12之來 源性及正確性,且來源性可為軟體組件不可偽冒符記12之來源可靠性、來源合法性或來源不可否認性。亦即,軟體組件13可利用軟體組件發行端A所公佈之公開資訊(如公開驗證資訊)自動或主動驗證軟體組件不可偽冒符記12之來源性及正確性,以依據軟體組件不可偽冒符記12之來源性及正確性之驗證結果判定使用者裝置20能否使用此軟體組件13。例如,當軟體組件不可偽冒符記12之來源性及正確性之驗證結果為驗證通過(驗證成功)時,可初步判定使用者裝置20有望或能使用此軟體組件13,亦可在程序P22至P28之驗證結果皆為驗證通過(驗證成功)才最終判定使用者裝置20能使用此軟體組件13(但不以此為限)。反之,當軟體組件不可偽冒符記12之來源性及正確性之驗證結果為未驗證通過(驗證失敗)時,直接判定使用者裝置20無法使用此軟體組件13。 Procedure P24: Software component 13 verifies that the software component cannot be counterfeited and comes from the symbol 12 Source and correctness, and the source may be the reliability of the source, legality of the source or non-repudiation of the source of the software component's non-counterfeiting symbol 12. That is to say, the software component 13 can use the public information (such as public verification information) published by the software component issuer A to automatically or actively verify the source and correctness of the software component non-counterfeiting mark 12, so as to ensure that the software component cannot be counterfeited. The verification result of the origin and correctness of the token 12 determines whether the user device 20 can use the software component 13 . For example, when the verification result of the source and correctness of the software component non-counterfeiting symbol 12 is verification passed (verification successful), it can be preliminarily determined that the user device 20 is expected or able to use the software component 13, or in the process P22 The verification results up to P28 are all verification passed (verification successful) before it is finally determined that the user device 20 can use the software component 13 (but is not limited to this). On the contrary, when the verification result of the source and correctness of the software component unforgery mark 12 is unverified (verification failed), it is directly determined that the user device 20 cannot use the software component 13 .

程序P25:軟體組件13驗證約定之使用者裝置環境資訊113。亦即,軟體組件13可驗證使用者裝置20中之使用者裝置環境資訊21是否符合使用者裝置不可偽冒符記11中約定之使用者裝置環境資訊113,以依據使用者裝置環境資訊21與約定之使用者裝置環境資訊113之驗證結果判定使用者裝置20能否使用此軟體組件13。例如,當使用者裝置環境資訊21符合約定之使用者裝置環境資訊113,使得約定之使用者裝置環境資訊113之驗證結果為驗證通過(驗證成功)時,可初步判定使用者裝置20有望或能使用此軟體組件13,亦可在程序P22至P28之驗證結果皆為驗證通過(驗證成功)才最終判定使用者裝置20能使用此軟體組件13(但不以此為限)。反之,當使用者裝置環境資訊21不符合約定之使用者裝置環境資訊113,使得約定之使用者裝置環境資訊113之驗證結果為未驗證通過(驗證失敗)時, 直接判定使用者裝置20無法使用此軟體組件13。 Procedure P25: The software component 13 verifies the agreed user device environment information 113. That is, the software component 13 can verify whether the user device environment information 21 in the user device 20 conforms to the agreed user device environment information 113 in the user device unforgeable token 11, and determine whether the user device 20 can use the software component 13 based on the verification result of the user device environment information 21 and the agreed user device environment information 113. For example, when the user device environment information 21 meets the agreed user device environment information 113, so that the verification result of the agreed user device environment information 113 is verification passed (verification success), it can be preliminarily determined that the user device 20 is expected to or can use this software component 13, and it can also be finally determined that the user device 20 can use this software component 13 only when the verification results of procedures P22 to P28 are all verification passed (verification success) (but not limited to this). On the contrary, when the user device environment information 21 does not meet the agreed user device environment information 113, so that the verification result of the agreed user device environment information 113 is not verification passed (verification failure), it is directly determined that the user device 20 cannot use this software component 13.

程序P26:軟體組件13驗證使用授權之軟體組件使用期限111(有效期限)。亦即,軟體組件13可利用使用者裝置20之系統時間與使用者裝置不可偽冒符記11中之軟體組件使用期限111進行有效期限之驗證,以依據使用者裝置20之系統時間與軟體組件使用期限111之驗證結果判定使用者裝置20能否使用此軟體組件13。例如,當使用者裝置20之系統時間在軟體組件使用期限111之範圍內,使得軟體組件使用期限111之驗證結果為驗證通過(驗證成功)時,可初步判定使用者裝置20有望或能使用此軟體組件13,亦可在程序P22至P28之驗證結果皆為驗證通過(驗證成功)才最終判定使用者裝置20能使用此軟體組件13(但不以此為限)。反之,當使用者裝置20之系統時間未在軟體組件使用期限111之範圍內,使得軟體組件使用期限111之驗證結果為未驗證通過(驗證失敗)時,直接判定使用者裝置20無法使用此軟體組件13。 Procedure P26: Software component 13 verifies the usage period 111 (validity period) of the software component authorized for use. That is to say, the software component 13 can use the system time of the user device 20 and the software component usage period 111 in the user device non-forgery token 11 to verify the validity period based on the system time of the user device 20 and the software component. The verification result of the usage period 111 determines whether the user device 20 can use the software component 13 . For example, when the system time of the user device 20 is within the range of the software component usage period 111, so that the verification result of the software component usage period 111 is verification passed (verification successful), it can be preliminarily determined that the user device 20 is expected or able to use this The software component 13 can also be finally determined that the user device 20 can use the software component 13 (but is not limited to this) when the verification results of procedures P22 to P28 are all passed (verification successful). On the contrary, when the system time of the user device 20 is not within the range of the software component usage period 111 and the verification result of the software component usage period 111 is unverified (verification failed), it is directly determined that the user device 20 cannot use the software. Component 13.

程序P27:軟體組件13驗證授權之軟體組件保固期限112。亦即,軟體組件13可利用軟體組件不可偽冒符記12中之軟體組件釋出時間121與使用者裝置不可偽冒符記11中之軟體組件保固期限112進行保固期限之驗證,以依據軟體組件釋出時間121與軟體組件保固期限112之驗證結果判定使用者裝置20能否使用此軟體組件13。例如,當軟體組件釋出時間121在軟體組件保固期限112之範圍內,使得軟體組件保固期限112之驗證結果為驗證通過(驗證成功)時,可初步判定使用者裝置20有望或能使用此軟體組件13,亦可在程序P22至P28之驗證結果皆為驗證通過(驗證成功)才最終判定使用者裝置20能使用此軟體組件13(但不以此為限)。反 之,當軟體組件釋出時間121不在軟體組件保固期限112之範圍內,使得軟體組件保固期限112之驗證結果為未驗證通過(驗證失敗)時,直接判定使用者裝置20無法使用此軟體組件13。 Procedure P27: Software component 13 verifies the authorized software component warranty period 112. That is, the software component 13 can use the software component release time 121 in the software component non-counterfeiting symbol 12 and the software component warranty period 112 in the user device non-counterfeiting symbol 11 to verify the warranty period. The verification results of the component release time 121 and the software component warranty period 112 determine whether the user device 20 can use the software component 13 . For example, when the software component release time 121 is within the range of the software component warranty period 112, so that the verification result of the software component warranty period 112 is verification passed (verification successful), it can be preliminarily determined that the user device 20 is expected or able to use the software. The component 13 can also be finally determined that the user device 20 can use the software component 13 (but is not limited to this) when the verification results of procedures P22 to P28 are all passed (verification successful). opposite In other words, when the software component release time 121 is not within the scope of the software component warranty period 112 and the verification result of the software component warranty period 112 is unverified (verification failed), it is directly determined that the user device 20 cannot use the software component 13 .

程序P28:軟體組件13驗證軟體組件不可偽冒符記12中黑名單之使用者裝置環境資訊122,例如黑名單之硬體識別碼/應用程式識別碼/作業系統識別碼/軟體開發套件識別碼之至少一者。亦即,軟體組件13可利用使用者裝置不可偽冒符記11中約定之使用者裝置環境資訊113與軟體組件不可偽冒符記12中黑名單之使用者裝置環境資訊122進行黑名單之檢索或驗證,以依據約定之使用者裝置環境資訊113與黑名單之使用者裝置環境資訊122之檢索或驗證結果判定使用者裝置20能否使用此軟體組件13。例如,當從黑名單之使用者裝置環境資訊122中未檢索到約定之使用者裝置環境資訊113,使得黑名單之使用者裝置環境資訊122之驗證結果為驗證通過(驗證成功)時,可初步判定使用者裝置20有望或能使用此軟體組件13,亦可在程序P22至P28之驗證結果皆為驗證通過(驗證成功)才最終判定使用者裝置20能使用此軟體組件13(但不以此為限)。反之,當從黑名單之使用者裝置環境資訊122中已檢索到約定之使用者裝置環境資訊113,使得黑名單之使用者裝置環境資訊122之驗證結果為未驗證通過(驗證失敗)時,直接判定使用者裝置20無法使用此軟體組件13。 Procedure P28: Software component 13 verifies that the software component cannot counterfeit the user device environment information 122 in the blacklist in token 12, such as the blacklist's hardware identification code/application identification code/operating system identification code/software development kit identification code At least one of them. That is to say, the software component 13 can use the user device environment information 113 agreed in the user device non-counterfeiting token 11 and the user device environment information 122 of the blacklist in the software component non-counterfeiting token 12 to perform blacklist retrieval. Or verification, to determine whether the user device 20 can use the software component 13 based on the retrieval or verification results of the agreed user device environment information 113 and the blacklisted user device environment information 122 . For example, when the agreed user device environment information 113 is not retrieved from the user device environment information 122 of the blacklist, so that the verification result of the user device environment information 122 of the blacklist is verification passed (verification successful), it may be initially It is determined that the user device 20 is expected or able to use the software component 13. It can also be determined that the user device 20 can use the software component 13 after the verification results of procedures P22 to P28 are all verified (verification successful) (but not in this way). limited). On the contrary, when the agreed user device environment information 113 has been retrieved from the blacklisted user device environment information 122, so that the verification result of the blacklisted user device environment information 122 is not verified (verification failed), directly It is determined that the user device 20 cannot use the software component 13 .

在一實施例中,本發明之軟體組件使用之授權系統1及其方法亦可包括下列:[1]使用者裝置不可偽冒符記11之產生(產製)、[2]軟體組件不可偽冒符記12之產生(產製)。 In one embodiment, the authorization system 1 and method for using the software component of the present invention may also include the following: [1] Generation (production) of the user device non-counterfeitable mark 11, [2] Software component non-counterfeitable The production (production system) of Maofuji 12.

[1]使用者裝置不可偽冒符記11之產生(產製):使用者裝置 20之真正持有者與軟體組件發行端A約定完成軟體組件13之使用授權與保固授權,且使用者裝置20之真正持有者與軟體組件發行端A雙方一併約定完成軟體組件13之軟體組件使用期限111、軟體組件保固期限112與約定之使用者裝置環境資訊113(如約定之硬體識別碼/應用程式識別碼/作業系統識別碼/軟體開發套件識別碼之至少一者)。繼之,軟體組件發行端A可透過電子裝置10依據軟體組件使用期限111、軟體組件保固期限112與約定之使用者裝置環境資訊113等各種資訊產生(產製出)具有可靠性、合法性與不可否認性之使用者裝置不可偽冒符記11。 [1] The user device cannot forge the generation (production) of the token 11: The true owner of the user device 20 and the software component publisher A agree to complete the use authorization and warranty authorization of the software component 13, and the true owner of the user device 20 and the software component publisher A agree to complete the software component usage period 111, software component warranty period 112 and agreed user device environment information 113 (such as at least one of the agreed hardware identifier/application identifier/operating system identifier/software development kit identifier) of the software component 13. Next, the software component issuer A can generate (produce) a user device non-forgeable token 11 with reliability, legitimacy and non-repudiation through the electronic device 10 according to various information such as the software component usage period 111, the software component warranty period 112 and the agreed user device environment information 113.

[2]軟體組件不可偽冒符記12之產生(產製):軟體組件發行端A可透過電子裝置10將不同版本或更新版本之軟體組件13之軟體組件釋出時間121與黑名單之使用者裝置環境資訊122(如黑名單之硬體識別碼/應用程式識別碼/作業系統識別碼/軟體開發套件識別碼之至少一者)加入,以產生(產製出)具有可靠性、合法性與不可否認性之軟體組件不可偽冒符記12。 [2] Generation (production) of the software component non-counterfeit sign 12: The software component issuer A can use the electronic device 10 to release the software component 121 of different versions or updated versions of the software component 13 and use the blacklist The device environment information 122 (such as at least one of the blacklisted hardware identification code/application identification code/operating system identification code/software development kit identification code) is added to generate (produce) products that are reliable and legal. Software components with non-repudiation cannot be counterfeited12.

再者,軟體組件發行端A可透過電子裝置10依照合約或約定將使用者裝置不可偽冒符記11、軟體組件不可偽冒符記12與軟體組件13一併交付予使用者裝置20之真正持有者,以將使用者裝置不可偽冒符記11、軟體組件不可偽冒符記12與軟體組件13直接置入使用者裝置20中。每當軟體組件13在使用者裝置20中被啟動時,軟體組件13可執行如下列圖2所示一連串之授權檢查(如使用授權或保固授權之檢查),以決定使用者裝置20能否執行軟體組件13。 Furthermore, the software component distributor A can deliver the user device non-forgeable token 11, the software component non-forgeable token 12 and the software component 13 to the real owner of the user device 20 through the electronic device 10 in accordance with the contract or agreement, so as to directly place the user device non-forgeable token 11, the software component non-forgeable token 12 and the software component 13 into the user device 20. Whenever the software component 13 is activated in the user device 20, the software component 13 can perform a series of authorization checks (such as usage authorization or warranty authorization checks) as shown in the following FIG. 2 to determine whether the user device 20 can execute the software component 13.

圖2為本發明之軟體組件使用之授權方法中有關軟體組件13於使用者裝置20中之授權檢查(如使用授權或保固授權之檢查)之流程示意 圖,並參閱圖1予以說明。同時,軟體組件13於使用者裝置20中之授權檢查可包括如圖2所示步驟S01至S10,但本實施例僅作為示範,且能調整步驟S02至S09之先後順序或減少步驟S02至S09之至少一者(視實際需求而定)。 Figure 2 is a schematic flowchart of the authorization check (such as use authorization or warranty authorization check) of the software component 13 in the user device 20 in the authorization method for the use of software components of the present invention. Figure, and refer to Figure 1 for explanation. At the same time, the authorization check of the software component 13 in the user device 20 may include steps S01 to S10 as shown in FIG. 2 , but this embodiment is only used as an example, and the order of steps S02 to S09 can be adjusted or the steps S02 to S09 can be reduced. At least one of them (depending on actual needs).

在步驟S01中,軟體組件13開始檢查,亦即軟體組件13自動或主動於使用者裝置20中進行授權檢查(如使用授權或保固授權之檢查)。 In step S01 , the software component 13 starts checking, that is, the software component 13 automatically or actively performs authorization checking (such as usage authorization or warranty authorization checking) in the user device 20 .

在步驟S02中,軟體組件13自動或主動檢查使用者裝置20中是否存在使用者裝置不可偽冒符記11?若是(使用者裝置20中存在使用者裝置不可偽冒符記11),則軟體組件13繼續進行下列步驟S03。反之,若否(使用者裝置20中不存在使用者裝置不可偽冒符記11),則軟體組件13自動或主動判定使用者裝置不可偽冒符記11未通過授權檢查(授權檢查失敗),使得使用者裝置20無法執行軟體組件13。 In step S02, does the software component 13 automatically or actively check whether there is a user device non-forgeable token 11 in the user device 20? If yes (the user device non-forgeable token 11 exists in the user device 20), the software component 13 proceeds to the following step S03. On the contrary, if no (the user device non-forgeable token 11 does not exist in the user device 20), the software component 13 automatically or actively determines that the user device non-forgeable token 11 has not passed the authorization check (authorization check failed), so that the user device 20 cannot execute the software component 13.

在步驟S03中,軟體組件13自動或主動檢查使用者裝置20中之使用者裝置不可偽冒符記11是否由軟體組件發行端A所產生/產製?若是(使用者裝置不可偽冒符記11由軟體組件發行端A所產生/產製),則軟體組件13繼續進行下列步驟S04。反之,若否(使用者裝置不可偽冒符記11並非由軟體組件發行端A所產生/產製),則軟體組件13自動或主動判定使用者裝置不可偽冒符記11之產生/產製未通過授權檢查(授權檢查失敗),使得使用者裝置20無法執行軟體組件13。 In step S03, the software component 13 automatically or actively checks whether the user device non-forgery mark 11 in the user device 20 is generated/produced by the software component issuer A? If so (the user device non-forgery token 11 is generated/produced by the software component issuer A), then the software component 13 proceeds to the following step S04. On the contrary, if not (the non-counterfeitable symbol 11 of the user device is not generated/produced by the software component issuer A), then the software component 13 automatically or actively determines the generation/production of the non-counterfeitable symbol 11 of the user device. The authorization check fails (authorization check fails), so that the user device 20 cannot execute the software component 13 .

在步驟S04中,軟體組件13自動或主動從使用者裝置20中取得使用者裝置20之系統時間,以檢查使用者裝置20之系統時間是否在使用者裝置不可偽冒符記11中之軟體組件使用期限111之範圍內?若是(使 用者裝置20之系統時間在軟體組件使用期限111之範圍內),則軟體組件13繼續進行下列步驟S05。反之,若否(使用者裝置20之系統時間不在軟體組件使用期限111之範圍內),則軟體組件13自動或主動判定使用者裝置20之系統時間未通過授權檢查(授權檢查失敗),使得使用者裝置20無法執行軟體組件13。 In step S04 , the software component 13 automatically or actively obtains the system time of the user device 20 from the user device 20 to check whether the system time of the user device 20 is within the software component in the user device non-forgery mark 11 Within the period of use 111? If so (make The system time of the user device 20 is within the range of the software component usage period 111), then the software component 13 continues to the following step S05. On the contrary, if not (the system time of the user device 20 is not within the range of the software component usage period 111), the software component 13 automatically or actively determines that the system time of the user device 20 has failed the authorization check (authorization check failed), so that the use The device 20 cannot execute the software component 13.

在步驟S05中,軟體組件13自動或主動從使用者裝置20中取得使用者裝置環境資訊21(如硬體識別碼/應用程式識別碼/作業系統識別碼/軟體開發套件識別碼之至少一者),以檢查使用者裝置環境資訊21是否符合使用者裝置不可偽冒符記11中約定之使用者裝置環境資訊113(如約定之硬體識別碼/應用程式識別碼/作業系統識別碼/軟體開發套件識別碼之至少一者)?若是(使用者裝置環境資訊21符合約定之使用者裝置環境資訊113),則軟體組件13繼續進行下列步驟S06。反之,若否(使用者裝置環境資訊21不符合約定之使用者裝置環境資訊113),則軟體組件13自動或主動判定使用者裝置環境資訊21未通過授權檢查(授權檢查失敗),使得使用者裝置20無法執行軟體組件13。 In step S05 , the software component 13 automatically or actively obtains the user device environment information 21 (such as at least one of a hardware identification code/application identification code/operating system identification code/software development kit identification code) from the user device 20 ), to check whether the user device environment information 21 complies with the user device environment information 113 agreed in the user device non-counterfeit mark 11 (such as the agreed hardware identification code/application identification code/operating system identification code/software At least one of the development kit identification codes)? If so (the user device environment information 21 complies with the agreed user device environment information 113), the software component 13 proceeds to the following step S06. On the contrary, if not (the user device environment information 21 does not comply with the agreed user device environment information 113), the software component 13 automatically or actively determines that the user device environment information 21 fails the authorization check (authorization check fails), causing the user to Device 20 cannot execute software component 13.

在步驟S06中,軟體組件13自動或主動檢查使用者裝置20中是否存在軟體組件不可偽冒符記12?若是(使用者裝置20中存在軟體組件不可偽冒符記12),則軟體組件13繼續進行下列步驟S07。反之,若否(使用者裝置20中不存在軟體組件不可偽冒符記12),則軟體組件13自動或主動判定軟體組件不可偽冒符記12未通過授權檢查(授權檢查失敗),使得使用者裝置20無法執行軟體組件13。 In step S06 , the software component 13 automatically or actively checks whether there is a software component unforgery mark 12 in the user device 20 . If so (the software component non-forgery token 12 exists in the user device 20), the software component 13 continues to the following step S07. On the contrary, if not (there is no software component non-counterfeiting symbol 12 in the user device 20), the software component 13 automatically or actively determines that the software component non-counterfeiting symbol 12 has failed the authorization check (authorization check failed), so that the user The device 20 cannot execute the software component 13.

在步驟S07中,軟體組件13自動或主動檢查軟體組件不可 偽冒符記12是否由軟體組件發行端A所產生/產製?若是(軟體組件不可偽冒符記12由軟體組件發行端A所產生/產製),則軟體組件13繼續進行下列步驟S08。反之,若否(軟體組件不可偽冒符記12並非由軟體組件發行端A所產生/產製),則軟體組件13自動或主動判定軟體組件不可偽冒符記12之產生/產製未通過授權檢查(授權檢查失敗),使得使用者裝置20無法執行軟體組件13。 In step S07, the software component 13 automatically or actively checks that the software component cannot Is the counterfeit symbol 12 generated/manufactured by software component publisher A? If so (the software component non-counterfeiting sign 12 is generated/produced by the software component issuer A), then the software component 13 continues to the following step S08. On the contrary, if not (the software component non-counterfeiting symbol 12 is not generated/produced by the software component issuer A), then the software component 13 automatically or actively determines that the generation/production of the software component non-counterfeiting symbol 12 has failed. Authorization check (authorization check failed) makes the user device 20 unable to execute the software component 13 .

在步驟S08中,軟體組件13自動或主動從使用者裝置20之使用者裝置不可偽冒符記11中取得軟體組件保固期限112,以檢查軟體組件不可偽冒符記12中之軟體組件釋出時間121是否在使用者裝置不可偽冒符記11中之軟體組件保固期限112之範圍內?若是(軟體組件釋出時間121在軟體組件保固期限112之範圍內),則軟體組件13繼續進行下列步驟S09。反之,若否(軟體組件釋出時間121不在軟體組件保固期限112之範圍內),代表此版本之軟體組件13依照軟體組件發行端A與使用者B雙方之合約或約定無法在使用者裝置20中執行,則軟體組件13自動或主動判定軟體組件釋出時間121未通過授權檢查(授權檢查失敗),使得使用者裝置20無法執行軟體組件13。 In step S08, the software component 13 automatically or proactively obtains the software component warranty period 112 from the user device non-forgeable token 11 of the user device 20 to check whether the software component release time 121 in the software component non-forgeable token 12 is within the range of the software component warranty period 112 in the user device non-forgeable token 11. If yes (the software component release time 121 is within the range of the software component warranty period 112), the software component 13 proceeds to the following step S09. On the contrary, if not (the software component release time 121 is not within the scope of the software component warranty period 112), it means that this version of the software component 13 cannot be executed in the user device 20 according to the contract or agreement between the software component publisher A and the user B. Then the software component 13 automatically or proactively determines that the software component release time 121 has not passed the authorization check (authorization check failure), so that the user device 20 cannot execute the software component 13.

在步驟S09中,軟體組件13自動或主動從使用者裝置不可偽冒符記11中取得約定之使用者裝置環境資訊113(如約定之硬體識別碼/應用程式識別碼/作業系統識別碼/軟體開發套件識別碼之至少一者),以檢查約定之使用者裝置環境資訊113是否未列在軟體組件不可偽冒符記12中黑名單之使用者裝置環境資訊122(如黑名單之硬體識別碼/應用程式識別碼/作業系統識別碼/軟體開發套件識別碼之至少一者)?若是(約定之使用者裝 置環境資訊113未列在黑名單之使用者裝置環境資訊122),則軟體組件13繼續進行步驟S10,使得使用者裝置20能執行軟體組件13。反之,若否(約定之使用者裝置環境資訊113已列在黑名單之使用者裝置環境資訊122),代表此版本之軟體組件13依照軟體組件發行端A與使用者B雙方之合約或約定無法在使用者裝置20中執行,則軟體組件13自動或主動判定約定之使用者裝置環境資訊113未通過授權檢查(授權檢查失敗),使得使用者裝置20無法執行軟體組件13。 In step S09 , the software component 13 automatically or actively obtains the agreed user device environment information 113 (such as the agreed hardware identification code/application identification code/operating system identification code/ At least one of the software development kit identification codes) to check whether the agreed user device environment information 113 is not listed in the user device environment information 122 of the blacklist in the software component non-counterfeiting token 12 (such as the blacklisted hardware At least one of the identification code/application identification code/operating system identification code/software development kit identification code)? If it is (agreed user equipment If the environment information 113 is not listed in the blacklist of the user device environment information 122), the software component 13 continues to step S10, so that the user device 20 can execute the software component 13. On the contrary, if not (the agreed user device environment information 113 has been listed in the blacklisted user device environment information 122), it means that this version of the software component 13 cannot be released in accordance with the contract or agreement between the software component issuer A and user B. When executed in the user device 20 , the software component 13 automatically or actively determines that the agreed user device environment information 113 fails the authorization check (authorization check fails), so that the user device 20 cannot execute the software component 13 .

另外,本發明還提供一種針對軟體組件使用之授權方法之電腦可讀媒介,係應用於具有處理器及/或記憶體之計算裝置或電腦中,且電腦可讀媒介儲存有指令,並可利用計算裝置或電腦透過處理器及/或記憶體執行電腦可讀媒介,以於執行電腦可讀媒介時執行上述內容。例如,處理器可為微處理器、中央處理器(CPU)、圖形處理器(GPU)等,記憶體可為隨機存取記憶體(RAM)、記憶卡、硬碟(如雲端/網路硬碟)、資料庫等,但不以此為限。 In addition, the present invention also provides a computer-readable medium for an authorization method for the use of software components, which is applied to a computing device or computer with a processor and/or memory, and the computer-readable medium stores instructions and can be used The computing device or computer executes the computer-readable medium through the processor and/or memory to execute the above content when the computer-readable medium is executed. For example, the processor can be a microprocessor, a central processing unit (CPU), a graphics processing unit (GPU), etc., and the memory can be a random access memory (RAM), a memory card, a hard disk (such as a cloud/network hard drive), etc. discs), databases, etc., but are not limited to this.

綜上,本發明之軟體組件使用之授權系統、方法及電腦可讀媒介至少具有下列特色、優點或技術功效。 In summary, the authorization system, method and computer-readable medium used by the software component of the present invention have at least the following features, advantages or technical effects.

一、本發明能由軟體組件發行端產生(產製出)具有可靠性、合法性與不可否認性之使用者裝置不可偽冒符記與軟體組件不可偽冒符記,以利用使用者裝置不可偽冒符記與軟體組件不可偽冒符記確保使用者裝置對於軟體組件之信任。 1. The present invention can generate (produce) a user device unforgeable token and a software component unforgeable token with reliability, legitimacy and non-repudiation by the software component issuer, so as to ensure the user device's trust in the software component by using the user device unforgeable token and the software component unforgeable token.

二、本發明能將各種時間資訊(如軟體組件使用期限/軟體組件保固期限)與約定之使用者裝置環境資訊(如約定之硬體識別碼/應用程式 識別碼/作業系統識別碼/軟體開發套件識別碼)加入使用者裝置不可偽冒符記中,以利自動或主動執行軟體組件之使用授權與保固授權等各種授權檢查。 2. The present invention can combine various time information (such as software component usage period/software component warranty period) with agreed user device environment information (such as agreed hardware identification code/application program). Identification code/operating system identification code/software development kit identification code) is added to the unforgeable mark of the user device to facilitate automatic or proactive execution of various authorization checks such as usage authorization and warranty authorization of software components.

三、本發明能利用使用者裝置不可偽冒符記與軟體組件不可偽冒符記作為軟體組件之授權檢查(如使用授權或保固授權之檢查)之信任基礎,並將使用者裝置不可偽冒符記結合(搭配)各種時間資訊(如軟體組件使用期限/軟體組件保固期限)與約定之使用者裝置環境資訊(如約定之硬體識別碼/應用程式識別碼/作業系統識別碼/軟體開發套件識別碼),以利達到軟體組件之授權檢查(如使用授權或保固授權之檢查),亦能應用於多種或不同商業模式之情境。 3. The present invention can use the non-counterfeiting symbol of the user device and the non-counterfeiting symbol of the software component as the basis of trust for the authorization check of the software component (such as use authorization or warranty authorization check), and make the user device non-counterfeitable. The token combines (matches) various time information (such as software component usage period/software component warranty period) and agreed user device environment information (such as agreed hardware identification code/application identification code/operating system identification code/software development Package identification code) to facilitate the authorization check of software components (such as use authorization or warranty authorization check), and can also be applied to multiple or different business model scenarios.

四、本發明之軟體組件發行端能透過電子裝置公佈一公開資訊(如公開驗證資訊),以供軟體組件利用公開資訊(如公開驗證資訊)自動或主動驗證軟體組件發行端所產生(產製)之軟體組件不可偽冒符記之真偽。 4. The software component distributor of the present invention can publish public information (such as public verification information) through an electronic device, so that the software component can use the public information (such as public verification information) to automatically or actively verify the authenticity of the software component unforgeable token generated (produced) by the software component distributor.

五、本發明能在軟體組件不可偽冒符記之產生(產製)過程中加入軟體組件釋出時間,亦能進一步加入黑名單之使用者裝置環境資訊(如黑名單之硬體識別碼/應用程式識別碼/作業系統識別碼/軟體開發套件識別碼),以利於使用者裝置出現違反合約或約定(違約)時,對不同版本或更新版本之軟體組件之使用授權進行限制或終止。 5. The present invention can add the software component release time during the generation (production) process of the software component non-counterfeiting mark, and can further add the user device environment information of the blacklist (such as the hardware identification code of the blacklist/ Application Identification Code/Operating System Identification Code/Software Development Kit Identification Code) to facilitate the restriction or termination of the use authorization of different or updated versions of software components when the user's device violates the contract or agreement (breach of contract).

六、本發明能提供使用者裝置對於軟體組件之來源可靠性、來源合法性或來源不可否認性等各種來源性之檢查,以利提升軟體組件之來源之可靠性、合法性或不可否認性。 6. The present invention can provide the user device with various source checks such as source reliability, source legality or source non-repudiation of software components, so as to improve the reliability, legality or non-repudiation of the source of software components.

七、本發明能提供使用者裝置對於不同版本或更新版本之軟體組件之授權檢查(如使用授權或保固授權之檢查),亦能對使用者裝置進行 不同版本或更新版本之軟體組件之使用授權之限制或終止。 7. The present invention can provide user devices with authorization checks for software components of different versions or updated versions (such as use authorization or warranty authorization checks), and can also perform authorization checks on user devices. Restriction or termination of licenses for different versions or later versions of software components.

八、本發明之使用者裝置可以不需要透過網路(如有線網路/無線網路/網際網路)連線至外部之驗證伺服器或授權伺服器等,即能於使用者裝置中自動或主動執行軟體組件之驗證授權或終止授權。 8. The user device of the present invention does not need to be connected to an external verification server or authorization server through a network (such as a wired network/wireless network/Internet), and can automatically or proactively execute verification and authorization or terminate authorization of software components in the user device.

上述實施形態僅例示性說明本發明之原理、特點及其功效,並非用以限制本發明之可實施範疇,任何熟習此項技藝之人士均能在不違背本發明之精神及範疇下,對上述實施形態進行修飾與改變。任何使用本發明所揭示內容而完成之等效改變及修飾,均仍應為申請專利範圍所涵蓋。因此,本發明之權利保護範圍應如申請專利範圍所列。 The above embodiments are only illustrative of the principles, characteristics and effects of the present invention, and are not intended to limit the scope of the present invention. Anyone skilled in the art can make the above-mentioned modifications without violating the spirit and scope of the present invention. Modify and change the implementation form. Any equivalent changes and modifications made using the contents disclosed in the present invention shall still be covered by the patent application. Therefore, the protection scope of the present invention should be as listed in the patent application scope.

1:軟體組件使用之授權系統 1: Authorization system for the use of software components

10:電子裝置 10: Electronic devices

11:使用者裝置不可偽冒符記 11: User devices cannot forge tokens

111:軟體組件使用期限 111: Software component usage period

112:軟體組件保固期限 112: Software component warranty period

113:約定之使用者裝置環境資訊 113: Agreed user device environment information

12:軟體組件不可偽冒符記 12: Software components cannot be counterfeited.

121:軟體組件釋出時間 121:Software component release time

122:黑名單之使用者裝置環境資訊 122: Blacklist user device environment information

13:軟體組件 13:Software components

20:使用者裝置 20: User device

21:使用者裝置環境資訊 21: User device environment information

A:軟體組件發行端 A:Software component publisher

B:使用者 B: User

Claims (17)

一種軟體組件使用之授權系統,包括: A licensing system for use of software components, including: 電子裝置,係依據軟體組件之軟體組件使用期限、軟體組件保固期限與約定之使用者裝置環境資訊產生使用者裝置不可偽冒符記,且該電子裝置針對該軟體組件產生軟體組件不可偽冒符記;以及 The electronic device generates a user device non-counterfeit token based on the software component usage period, the software component warranty period and the agreed user device environment information of the software component, and the electronic device generates a software component non-counterfeit token for the software component; and 至少一使用者裝置,係與該電子裝置互相連結或通訊,以透過該電子裝置將該軟體組件結合該使用者裝置不可偽冒符記與該軟體組件不可偽冒符記,再將所結合之該使用者裝置不可偽冒符記、該軟體組件不可偽冒符記與該軟體組件置入該使用者裝置中, At least one user device is interconnected or communicated with the electronic device, so as to combine the software component with the user device unforgeable token and the software component unforgeable token through the electronic device, and then place the combined user device unforgeable token, the software component unforgeable token and the software component into the user device, 其中,當該使用者裝置欲啟動執行該軟體組件時,由該軟體組件利用該使用者裝置中之該使用者裝置不可偽冒符記之該軟體組件使用期限、該軟體組件保固期限與該約定之使用者裝置環境資訊及該軟體組件不可偽冒符記,以自動或主動對該使用者裝置進行該軟體組件之授權檢查。 Among them, when the user device wants to start executing the software component, the software component uses the user device non-forgery mark in the user device to indicate the software component usage period, the software component warranty period and the agreement. The user device environment information and the software component cannot forge tokens to automatically or proactively perform authorization checks on the user device for the software component. 如請求項1所述之軟體組件使用之授權系統,其中,於約定完成該軟體組件之該軟體組件使用期限、該軟體組件保固期限與該約定之使用者裝置環境資訊後,係透過該電子裝置依據該軟體組件使用期限、該軟體組件保固期限與該約定之使用者裝置環境資訊產生具有可靠性、合法性與不可否認性之該使用者裝置不可偽冒符記,且依據該軟體組件之軟體組件釋出時間與黑名單之使用者裝置環境資訊產生具有可靠性、合法性與不可否認性之該軟體組件不可偽冒符記。 The authorization system for the use of software components as described in claim 1, wherein, after the completion of the agreed usage period of the software component, the warranty period of the software component and the agreed user device environment information, through the electronic device Based on the usage period of the software component, the warranty period of the software component and the agreed user device environment information, a user device non-counterfeiting token with reliability, legality and non-repudiation is generated, and the software based on the software component The component release time and the user device environment information of the blacklist generate an uncounterfeitable sign of the software component with reliability, legality and non-repudiation. 如請求項1所述之軟體組件使用之授權系統,其中,該軟體組件更從該使用者裝置中取得使用者裝置環境資訊,以依據該使用者裝置中之該使用者裝置環境資訊與該使用者裝置不可偽冒符記中該約定之使用者裝置環境資訊進行該軟體組件之授權檢查。 An authorization system for use of a software component as described in claim 1, wherein the software component further obtains user device environment information from the user device to perform an authorization check of the software component based on the user device environment information in the user device and the agreed user device environment information in the unforgeable token of the user device. 如請求項1所述之軟體組件使用之授權系統,其中,在該軟體組件不可偽冒符記之產生過程中,係透過該電子裝置將該軟體組件之軟體組件釋出時間與黑名單之使用者裝置環境資訊加入該軟體組件不可偽冒符記中,以於該使用者裝置出現違反合約或約定之情況時,依據該軟體組件不可偽冒符記中之該軟體組件釋出時間與該黑名單之使用者裝置環境資訊對該使用者裝置進行該軟體組件之使用授權之限制或終止。 The software component use authorization system as described in claim 1, wherein, in the process of generating the software component unforgeable token, the software component release time and the user device environment information of the blacklist are added to the software component unforgeable token through the electronic device, so that when the user device violates the contract or agreement, the use authorization of the software component is restricted or terminated for the user device according to the software component release time and the user device environment information of the blacklist in the software component unforgeable token. 如請求項1所述之軟體組件使用之授權系統,其中,該電子裝置進一步針對不同版本或更新版本之該軟體組件產生相對應之該軟體組件不可偽冒符記,以將該軟體組件不可偽冒符記與該軟體組件一同釋出至該使用者裝置,且其中,該軟體組件不可偽冒符記係包括該軟體組件之軟體組件資訊、軟體組件識別資訊、軟體組件釋出時間與黑名單之使用者裝置環境資訊。 The authorization system for the use of software components as described in claim 1, wherein the electronic device further generates corresponding non-counterfeiting marks of the software components for different versions or updated versions of the software components, so as to make the software components non-counterfeitable. The counterfeit sign is released to the user device together with the software component, and the software component non-counterfeit sign includes the software component information, software component identification information, software component release time and blacklist of the software component. User device environment information. 如請求項1所述之軟體組件使用之授權系統,其中,該軟體組件更利用公開資訊驗證該使用者裝置不可偽冒符記與該軟體組件不可偽冒符記兩者,以依據該使用者裝置不可偽冒符記與該軟體組件不可偽冒符記兩者之驗證結果判定該使用者裝置能否使用該軟體組件。 The authorization system for the use of software components as described in claim 1, wherein the software component further uses public information to verify both the non-counterfeiting symbol of the user device and the non-counterfeiting symbol of the software component, so as to verify the user's The verification results of both the non-counterfeiting symbol of the device and the non-counterfeiting symbol of the software component determine whether the user device can use the software component. 如請求項1所述之軟體組件使用之授權系統,其中,該軟體組件更利用該使用者裝置之系統時間與該使用者裝置不可偽冒符記中之該軟體組件使用期限進行有效期限之驗證,且利用該軟體組件不可偽冒符記中之軟體組件釋出時間與該使用者裝置不可偽冒符記中之該軟體組件保固期限進行保固期限之驗證,以依據該使用者裝置之系統時間與該軟體組件使用期限兩者之驗證結果及該軟體組件釋出時間與該軟體組件保固期限兩者之驗證結果判定該使用者裝置能否使用該軟體組件。 The authorization system for the use of software components as described in claim 1, wherein the software component further uses the system time of the user device and the usage period of the software component in the non-forgery mark of the user device to verify the validity period. , and use the software component release time in the non-counterfeiting symbol of the software component and the warranty period of the software component in the user device non-counterfeiting symbol to verify the warranty period based on the system time of the user device The verification results of both the service life of the software component and the verification results of the release time of the software component and the warranty period of the software component determine whether the user device can use the software component. 如請求項1所述之軟體組件使用之授權系統,其中,該軟體組件更利用該使用者裝置不可偽冒符記中該約定之使用者裝置環境資訊與該軟體組件不可偽冒符記中黑名單之使用者裝置環境資訊進行黑名單之檢索或驗證,以依據該約定之使用者裝置環境資訊與該黑名單之使用者裝置環境資訊之檢索或驗證結果判定該使用者裝置能否使用該軟體組件。 The authorization system for the use of software components as described in claim 1, wherein the software component further utilizes the agreed user device environment information in the user device non-counterfeiting symbol and the black code in the software component non-counterfeiting symbol. Perform blacklist retrieval or verification on the user device environment information of the list to determine whether the user device can use the software based on the retrieval or verification results of the agreed user device environment information and the user device environment information of the blacklist. components. 一種軟體組件使用之授權方法,包括: An authorization method for the use of software components, including: 透過電子裝置依據軟體組件之軟體組件使用期限、軟體組件保固期限與約定之使用者裝置環境資訊產生使用者裝置不可偽冒符記,且透過該電子裝置針對該軟體組件產生軟體組件不可偽冒符記; The user device non-counterfeiting symbol is generated through the electronic device based on the software component usage period, the software component warranty period and the agreed user device environment information, and the software component non-counterfeiting symbol is generated through the electronic device for the software component. remember; 透過該電子裝置將該軟體組件結合該使用者裝置不可偽冒符記與該軟體組件不可偽冒符記,以將所結合之該使用者裝置不可偽冒符記、該軟體組件不可偽冒符記與該軟體組件置入使用者裝置中;以及 Combining the software component with the user device unforgeable token and the software component unforgeable token through the electronic device, so as to place the combined user device unforgeable token, the software component unforgeable token and the software component into the user device; and 當該使用者裝置欲啟動執行該軟體組件時,由該軟體組件利用該使用者裝置中之該使用者裝置不可偽冒符記之該軟體組件使用期限、該軟體組件保固期限與該約定之使用者裝置環境資訊及該軟體組件不可偽冒符記,以自動或主動對該使用者裝置進行該軟體組件之授權檢查。 When the user device wants to start executing the software component, the software component uses the user device non-forgery mark in the user device to indicate the usage period of the software component, the warranty period of the software component and the agreed use The user's device environment information and the software component may not forge tokens to automatically or proactively conduct authorization checks of the software component on the user's device. 如請求項9所述之軟體組件使用之授權方法,更包括於約定完成該軟體組件之該軟體組件使用期限、該軟體組件保固期限與該約定之使用者裝置環境資訊後,透過該電子裝置依據該軟體組件使用期限、該軟體組件保固期限與該約定之使用者裝置環境資訊產生具有可靠性、合法性與不可否認性之該使用者裝置不可偽冒符記,且依據該軟體組件之軟體組件釋出時間與黑名單之使用者裝置環境資訊產生具有可靠性、合法性與不可否認性之該軟體組件不可偽冒符記。 The method for authorizing the use of software components as described in claim 9 further includes generating a user device non-counterfeit token with reliability, legitimacy and irrefutability through the electronic device based on the software component usage period, the software component warranty period and the agreed user device environment information after the software component usage period, the software component warranty period and the agreed user device environment information are agreed upon, and generating a software component non-counterfeit token with reliability, legitimacy and irrefutability based on the software component release time and the blacklist user device environment information of the software component. 如請求項9所述之軟體組件使用之授權方法,更包括由該軟體組件從該使用者裝置中取得使用者裝置環境資訊,以依據該使用者裝置中之該使用者裝置環境資訊與該使用者裝置不可偽冒符記中該約定之使用者裝置環境資訊進行該軟體組件之授權檢查。 The authorization method for using a software component as described in claim 9 further includes the software component obtaining user device environment information from the user device, so as to match the user device environment information in the user device with the use The user device may not forge the agreed user device environment information in the token to perform authorization check of the software component. 如請求項9所述之軟體組件使用之授權方法,更包括在該軟體組件不可偽冒符記之產生過程中,透過該電子裝置將該軟體組件之軟體組件釋出時間與黑名單之使用者裝置環境資訊加入該軟體組件不可偽冒符記中,以於該使用者裝置出現違反合約或約定之情況時,依據該軟體組件不可偽冒符記中之該軟體組件釋出時間與該黑名單之使用者裝置環境資訊對該使用者裝置進行該軟體組件之使用授權之限制或終止。 The method for authorizing the use of a software component as described in claim 9 further includes adding the software component release time and the user device environment information of the blacklist to the software component unforgeable token through the electronic device during the generation process of the software component unforgeable token, so that when the user device violates the contract or agreement, the use authorization of the software component is restricted or terminated for the user device according to the software component release time and the user device environment information of the blacklist in the software component unforgeable token. 如請求項9所述之軟體組件使用之授權方法,更包括透過該電子裝置針對不同版本或更新版本之該軟體組件產生相對應之該軟體組件不可偽冒符記,以將該軟體組件不可偽冒符記與該軟體組件一同釋出至該使用者裝置,其中,該軟體組件不可偽冒符記係包括該軟體組件之軟體組件資訊、軟體組件識別資訊、軟體組件釋出時間與黑名單之使用者裝置環境資訊。 The method for authorizing the use of a software component as described in claim 9 further includes generating a corresponding software component unforgeable token for different versions or updated versions of the software component through the electronic device, so as to release the software component unforgeable token together with the software component to the user device, wherein the software component unforgeable token includes software component information, software component identification information, software component release time, and user device environment information of the blacklist of the software component. 如請求項9所述之軟體組件使用之授權方法,更包括由該軟體組件利用公開資訊驗證該使用者裝置不可偽冒符記與該軟體組件不可偽冒符記兩者,以依據該使用者裝置不可偽冒符記與該軟體組件不可偽冒符記兩者之驗證結果判定該使用者裝置能否使用該軟體組件。 The authorization method for use of a software component as described in claim 9 further includes the software component using public information to verify both the non-counterfeiting signature of the user device and the non-counterfeiting signature of the software component, so as to verify the user's The verification results of both the non-counterfeiting symbol of the device and the non-counterfeiting symbol of the software component determine whether the user device can use the software component. 如請求項9所述之軟體組件使用之授權方法,更包括由該軟體組件利用該使用者裝置之系統時間與該使用者裝置不可偽冒符記中之該軟體組件使用期限進行有效期限之驗證,且利用該軟體組件不可偽冒符記中之軟體組件釋出時間與該使用者裝置不可偽冒符記中之該軟體組件 保固期限進行保固期限之驗證,以依據該使用者裝置之系統時間與該軟體組件使用期限兩者之驗證結果及該軟體組件釋出時間與該軟體組件保固期限兩者之驗證結果判定該使用者裝置能否使用該軟體組件。 The method for authorizing the use of a software component as described in claim 9 further includes the software component using the system time of the user device and the use period of the software component in the unforgeable token of the user device to verify the validity period, and using the software component release time in the unforgeable token of the software component and the warranty period of the software component in the unforgeable token of the user device to verify the warranty period, so as to determine whether the user device can use the software component based on the verification results of the system time of the user device and the use period of the software component and the verification results of the software component release time and the warranty period of the software component. 如請求項9所述之軟體組件使用之授權方法,更包括由該軟體組件利用該使用者裝置不可偽冒符記中該約定之使用者裝置環境資訊與該軟體組件不可偽冒符記中黑名單之使用者裝置環境資訊進行黑名單之檢索或驗證,以依據該約定之使用者裝置環境資訊與該黑名單之使用者裝置環境資訊之檢索或驗證結果判定該使用者裝置能否使用該軟體組件。 The method for authorizing the use of a software component as described in claim 9 further includes the software component using the agreed user device environment information in the user device unforgeable token and the user device environment information in the blacklist in the software component unforgeable token to search or verify the blacklist, so as to determine whether the user device can use the software component based on the search or verification results of the agreed user device environment information and the user device environment information in the blacklist. 一種電腦可讀媒介,應用於計算裝置或電腦中,係儲存有指令,以執行如請求項9至16之任一者所述之軟體組件使用之授權方法。 A computer-readable medium, used in a computing device or computer, stores instructions to execute the authorization method for the use of software components as described in any one of claims 9 to 16.
TW111130607A 2022-08-15 2022-08-15 Authorization system, method and computer readable medium for software component usage TWI816510B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW111130607A TWI816510B (en) 2022-08-15 2022-08-15 Authorization system, method and computer readable medium for software component usage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW111130607A TWI816510B (en) 2022-08-15 2022-08-15 Authorization system, method and computer readable medium for software component usage

Publications (2)

Publication Number Publication Date
TWI816510B TWI816510B (en) 2023-09-21
TW202409861A true TW202409861A (en) 2024-03-01

Family

ID=88966245

Family Applications (1)

Application Number Title Priority Date Filing Date
TW111130607A TWI816510B (en) 2022-08-15 2022-08-15 Authorization system, method and computer readable medium for software component usage

Country Status (1)

Country Link
TW (1) TWI816510B (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070174429A1 (en) * 2006-01-24 2007-07-26 Citrix Systems, Inc. Methods and servers for establishing a connection between a client system and a virtual machine hosting a requested computing environment
WO2011091313A1 (en) * 2010-01-22 2011-07-28 Interdigital Patent Holdings, Inc. Method and apparatus for trusted federated identity management and data access authorization
TW201344485A (en) * 2012-04-27 2013-11-01 Chunghwa Telecom Co Ltd Position-oriented software licensing system and method
US9830603B2 (en) * 2015-03-20 2017-11-28 Microsoft Technology Licensing, Llc Digital identity and authorization for machines with replaceable parts

Also Published As

Publication number Publication date
TWI816510B (en) 2023-09-21

Similar Documents

Publication Publication Date Title
CN111429254B (en) Business data processing method and device and readable storage medium
US10554421B2 (en) Method for superseding log-in of user through PKI-based authentication by using smart contact and blockchain database, and server employing same
US10846416B2 (en) Method for managing document on basis of blockchain by using UTXO-based protocol, and document management server using same
KR101937220B1 (en) Method for generating and verifying a digital signature or message authentication code based on a block chain that does not require key management
CN108399329B (en) Method for improving security of trusted application program
CN112508560A (en) Block chain cross-chain identity authentication and authority control method and device and computer equipment
CN108347332A (en) Verify the method and device of firmware signature
CN112115205B (en) Cross-chain trust method, device, equipment and medium based on digital certificate authentication
US11418499B2 (en) Password security
CN111133435A (en) Method and server for validating an electronic document
TWI623904B (en) Confirmation system based on blockchain smart contract and method thereof
CN110674531B (en) Residential information management method, device, server and medium based on block chain
WO2021169767A1 (en) Data processing method and apparatus, device and medium
JP6911231B1 (en) Reliability verification system for digital asset data packets
CN109816386A (en) Data get through method on a kind of chain of the unified identity authentication based on block chain
WO2019178763A1 (en) Certificate importing method and terminal
CN111597269A (en) Block chain-based contract implementation method, device and equipment
CN116896463A (en) Trusted environment authentication method and device based on blockchain
WO2019178762A1 (en) Method, server, and system for verifying validity of terminal
CN109670289A (en) A kind of method and system identifying background server legitimacy
JP2020061614A (en) Information processing apparatus, method, and program
TWI816510B (en) Authorization system, method and computer readable medium for software component usage
US20220393892A1 (en) Composite Cryptographic Systems with Variable Configuration Parameters and Memory Bound Functions
JP6650543B1 (en) Information processing apparatus, method and program
CN110852756A (en) Data processing method and equipment