WO2022252466A1 - Application authorization method, computing device, and storage medium - Google Patents
- Publication number
- WO2022252466A1 (PCT/CN2021/124292)
- Authority
- WO
- WIPO (PCT)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
Definitions
- the present invention relates to the field of computer technology, in particular to an application program authorization method, a computing device and a storage medium.
- the present invention is proposed to provide an application authorization method, computing device, and storage medium that overcome the above problems or at least partially solve the above problems.
- a method for authorizing an application which is executed in a computing device.
- the method includes: extracting at least one piece of authorization information pre-stored in the computing device, the authorization information including at least one piece of first hardware encryption information, the authorization serial number of an application program, and a first check value; parsing the authorization information to determine whether it is correct; when the authorization information is determined to be correct, obtaining each piece of hardware information related to the preset matching rule of the computing device; encrypting each piece of hardware information separately to generate the respective second hardware encryption information; and matching the second hardware encryption information with the first hardware encryption information, the authorization succeeding when the preset matching rule is met.
- the authorization information is written into the BIOS chip of the computing device by means of burning.
- a step of generating authorization information is also included, including: encrypting at least one piece of hardware information in the computing device separately to generate the respective first hardware encryption information; obtaining the authorization serial number of the application program; and, based on the verification value generation algorithm, encoding each piece of first hardware encryption information and the authorization serial number of the application program to generate the first verification value.
- the step of parsing the authorization information to determine whether the authorization information is correct includes: parsing the authorization information to obtain the first hardware encryption information, the authorization serial number of the application program, and the first check value; encoding the first hardware encryption information obtained by parsing and the authorization serial number of the application program through a check value generation algorithm to generate a second check value; determining whether the first check value and the second check value are the same; if the first check value is the same as the second check value, judging whether the authorization serial number of the application program is legal; and if the authorization serial number of the application program is legal, confirming that the authorization information is correct.
- the step of acquiring hardware information related to the preset matching rules of the computing device includes: acquiring each hardware identification corresponding to the first hardware encryption information; and acquiring the hardware information related to each hardware identification in the current computing device.
- the encryption algorithm is SHA256;
- the check value generation algorithm is a cyclic redundancy check algorithm.
- the authorization information generation method further includes: performing structural processing on the first hardware encryption algorithm, the application program authorization serial number and the first check value.
- the step of matching the second hardware encryption information with the first hardware encryption information, the authorization succeeding when the preset matching rule is satisfied, includes: matching the second hardware encryption information with the first hardware encryption information, and when the matching degree reaches a preset threshold, the authorization is successful.
- a computing device comprising: at least one processor; and a memory storing program instructions, wherein the program instructions are configured to be executed by the at least one processor, the program instructions including instructions for performing the methods described above.
- a readable storage medium storing program instructions, and when the program instructions are read and executed by a computing device, the computing device is made to execute the above method.
- the scheme of the present invention adopts the method of binding the hardware information and the software authorization serial number to solve the problem of unlimited proliferation of the authorization serial number, thereby reducing the loss of the software manufacturer and strengthening the support for genuine software; in this scheme, the hardware information and the software authorization serial number are burned into the BIOS, so that the authorization verification process can still be completed normally even when offline.
- This solution also proposes a hardware information matching rule.
- the authorization verification process can still be completed normally, thus providing the user with a certain degree of freedom and improving the user experience. At the same time, it strengthens the software provider’s interest protection.
- Fig. 1 shows the flow chart of using the software authorization serial number to bind hardware information in the prior art to perform software authorization
- FIG. 2 shows a schematic diagram of a computing device 200 according to one embodiment of the present invention
- FIG. 3 shows a flowchart of a method 300 for generating authorization information and burning it into a computing device in an application authorization method according to an embodiment of the present invention
- Fig. 4 shows a flow chart of an authorization information verification method 400 in an application program authorization method according to an embodiment of the present invention.
- FIG. 1 shows a flow chart of software authorization in the prior art by using a software authorization serial number to bind hardware information.
- the specific process of software authorization in the prior art is as follows:
- If the authorization file exists, read the authorization file information of the gram-short machine, and determine whether there is a network connection during the process.
- the verification of the authorization information is completed through the authorization server.
- a new application program (software) authorization method is proposed, the method is divided into two stages, wherein, the first stage is the (Computing equipment)
- the complete machine manufacturer reads the effective value of the hardware information required in the matching rule according to the preset hardware information matching rules (such as: motherboard, BIOS, hard disk, cpu, network card, memory, N pieces of hardware information such as graphics card, sound card, etc.), and encrypt the effective values of the read hardware information one by one; bind all the encrypted ciphertexts generated after encryption with the authorization serial number of the application program, and calculate and generate a checksum value, so that the final authorization information is generated, and the final authorization information is written into the BIOS.
- in the computing device, a piece of authorization information may be pre-configured and arranged, where a piece of authorization information corresponds to the authorization of an application program, and will not be listed here.
- the second stage is the stage of verifying the authorization information.
- the software first reads the authorization information stored in the BIOS, extracts all the hardware information ciphertext and the authorization serial number from the read authorization information to calculate a verification value, and compares the calculated verification value with the verification value in the authorization information; if the two verification values are the same, it then verifies whether the read authorization serial number is legal and valid; if it is a legal authorization serial number, it finally reads all the hardware information on the machine within the matching rule range, encrypts it item by item, and matches the resulting ciphertext against the hardware information ciphertext read from the BIOS according to the matching rules; if the matching rules are met (for example: there are 7 pieces of hardware information in the matching range, and the match succeeds if 5 or more hardware information ciphertexts are the same), the authorization verification is considered successful.
- FIG. 2 shows a block diagram of a computing device 200 according to one embodiment of the present invention.
- computing device 200 in a basic configuration 202 , typically includes system memory 206 and one or more processors 204 .
- a memory bus 208 may be used for communication between the processor 204 and the system memory 206 .
- processor 204 may be any type of processing including, but not limited to, a microprocessor (µP), microcontroller (µC), digital information processor (DSP), or any combination thereof.
- Processor 204 may include one or more levels of cache such as L1 cache 210 and L2 cache 212 , processor core 214 and registers 216 .
- Exemplary processor core 214 may include an arithmetic logic unit (ALU), a floating point unit (FPU), a digital signal processing core (DSP core), or any combination thereof.
- An example memory controller 218 may be used with the processor 204 or, in some implementations, the memory controller 218 may be an internal part of the processor 204 .
- system memory 206 may be any type of memory including, but not limited to: volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof.
- System memory 206 may include operating system 220 , one or more applications 222 , and program data 224 .
- the application 222 is actually a plurality of program instructions, which are used to instruct the processor 204 to perform corresponding operations.
- applications 222 may be arranged to execute instructions on an operating system with program data 224 by one or more processors 204 .
- the operating system 220 may be, for example, Linux, Windows, etc., which includes program instructions for handling basic system services and performing hardware-dependent tasks.
- the application 222 includes program instructions for realizing various user-desired functions.
- the application 222 may be, for example, a browser, instant messaging software, software development tools (such as an integrated development environment IDE, a compiler, etc.), but is not limited thereto.
- a driver module may be added to the operating system 220.
- When the computing device 200 starts to run, the processor 204 reads program instructions of the operating system 220 from the memory 206 and executes them.
- the application 222 runs on the operating system 220, and utilizes the interface provided by the operating system 220 and the underlying hardware to realize various user-desired functions.
- the application 222 is loaded into the memory 206 , and the processor 204 reads and executes the program instructions of the application 222 from the memory 206 .
- Computing device 200 also includes storage device 232 , which includes removable storage 236 and non-removable storage 238 , both of which are connected to storage interface bus 234 .
- Computing device 200 may also include interface bus 240 to facilitate communication from various interface devices (e.g., output devices 242, peripheral interfaces 244, and communication devices 246) to base configuration 202 via bus/interface controller 230.
- Example output devices 242 include a graphics processing unit 248 and an audio processing unit 250 . They may be configured to facilitate communication with various external devices such as a display or speakers via one or more A/V ports 252 .
- Example peripheral interfaces 244 may include serial interface controller 254 and parallel interface controller 256, which may be configured to facilitate communication, via one or more I/O ports 258, with external devices such as input devices (e.g., keyboard, mouse, pen, voice input device, touch input device) or other peripherals (such as printers, scanners, etc.).
- the example communication device 246 may include a network controller 260 , which may be arranged to facilitate communication with one or more other computing devices 262 over a network communication link via one or more communication ports 264 .
- a network communication link may be one example of a communication medium.
- Communication media typically embodies computer readable instructions, data structures, program modules in a modulated data signal such as a carrier wave or other transport mechanism and may include any information delivery media.
- a "modulated data signal" may be a signal that has one or more of its data sets or changes thereof in such a manner as to encode information in the signal.
- communication media may include wired media such as a wired or dedicated-line network, and various wireless media such as acoustic, radio frequency (RF), microwave, infrared (IR) or other wireless media.
- the term computer readable media as used herein may include both storage media and communication media.
- Computing device 200 also includes a storage interface bus 234 coupled to bus/interface controller 230 .
- the storage interface bus 234 is connected to the storage device 232, and the storage device 232 is suitable for data storage.
- Exemplary storage devices 232 may include removable storage 236 (e.g., CD, DVD, USB stick, removable hard disk, etc.) and non-removable storage 238 (e.g., hard disk drive HDD, etc.).
- the application 222 includes a plurality of program instructions for performing the method 300 or the method 400 .
- the application authorization method of the present invention includes a method for generating authorization information in the aforementioned first phase and burning it into a computing device (corresponding to method 300) and a method for verifying authorization information in the aforementioned second phase (corresponding to method 400), which are introduced separately below.
- Fig. 3 shows a flow chart of a method 300 for generating authorization information and burning it into a computing device in an application authorization method according to an embodiment of the present invention.
- the method 300 is suitable for execution in a computing device, such as the aforementioned computing device 200 .
- the purpose of the method 300 is to generate authorization information and burn it into the computing device.
- the method 300 begins with step S302.
- In step S302, at least one piece of hardware information in the computing device is encrypted separately to generate the respective first hardware encrypted information.
- the computing device includes multiple pieces of hardware (such as: motherboard, BIOS, hard disk, CPU, network card, memory, graphics card, sound card, etc.), and the staff needs to set the range of matching degree of hardware information, that is, which hardware is selected as the hardware information to be bound. In other words, which hardware information needs to be encrypted and stored in the computing device.
- the validity and reliability of the hard disk is higher than that of the sound card, and the information of the hard disk is preferentially selected as the binding information.
- the reliability and validity can be determined by referring to the user replacement ratio or the number of times in the historical data compared between the two.
- the following hardware information matching degree range may be referred to:
- a, b, and c respectively represent a range of hardware information matching degree.
- the hardware information of all hardware in the selected range of matching degree of hardware information is read out, and an encryption algorithm is used to encrypt all hardware information within the matching range of hardware information one by one.
- the SHA256 encryption algorithm can be used, but of course it is not limited thereto, and other hash encryption algorithms such as MD5, or encryption algorithms such as RSA and DSA can also be used.
- SHA256 (hard disk 1 information) + SHA256 (hard disk 2 information) + SHA256 (mainboard information) + SHA256 (network card 1 information) + SHA256 (network card 2 information);
- a₁, b₁, and c₁ respectively include multiple pieces of hardware encryption information.
- the hardware information needs to be able to uniquely specify the hardware.
- the motherboard information can be the serial number of the motherboard; if the hardware is a CPU, the CPU information can be the CPU serial number; if the hardware is a network card, the network card information may be the network card MAC, or the like.
- In step S304, the authorization serial number of the application is obtained.
- the license serial number of the application program is provided by the software manufacturer.
- each first hardware encryption information and the authorization serial number of the application program are encoded to generate a first verification value.
- the check value generating algorithm may adopt a cyclic redundancy check algorithm (CRC), but of course it is not limited thereto.
- the hardware encryption information a₁ in the above example is encoded with the authorization serial number of the application program for the following description:
- Check value (a₁ + authorization serial number of the application) = CRC[SHA256(hard disk information) + SHA256(CPU information) + SHA256(memory information) + SHA256(BIOS information) + SHA256(main board information) + SHA256(network card information) + the authorization serial number of the application].
- a complete authorization information (a₁) can be expressed as:
- authorization information (b₁) and authorization information (c₁) corresponding to the aforementioned hardware encryption information b₁ and c₁ are generated respectively.
- the generated authorization information is written into the BIOS (Basic Input Output System) chip of the computing device by burning.
- Multiple pieces of authorization information can be burned in the BIOS chip, for example, authorization information (a₁), authorization information (b₁) and authorization information (c₁), or only one piece of authorization information can be burned, which is not limited here.
- the method 300 also includes:
- Structural processing is performed on the first hardware encryption algorithm, the authorization serial number of the application program and the first check value.
- a structure is formed by forming the first hardware encryption algorithm, the authorization serial number of the application program and the first check value.
- related algorithms can be used for structured processing, for example:
- After the authorization information is structured, on the one hand, it can facilitate the burning of the authorization information, and on the other hand, it can improve the confidentiality of the authorization information.
- the authorization information can also be burned into the BIOS chip in the form of a table, for example as follows:
- Fig. 4 shows a flow chart of an authorization information verification method 400 in an application program authorization method according to an embodiment of the present invention.
- the method 400 is suitable for execution in a computing device, such as the aforementioned computing device 200 .
- the purpose of the method 400 is to verify the authorization information, starting from step S402.
- In step S402, at least one piece of authorization information pre-stored in the computing device is extracted, the authorization information including at least one piece of first hardware encryption information, the authorization serial number of the application program, and the first check value.
- the authorization information is pre-burned into the BIOS chip of the computing device, and its generation process and burning process correspond to the above-mentioned method 300, which will not be repeated here.
- In step S404, the authorization information is analyzed to determine whether the authorization information is correct.
- the authorization information is analyzed, and the first hardware encryption information, the authorization serial number of the application program, and the first check value are respectively obtained; the first hardware encryption information and the authorization serial number of the application program are encoded by a check value generation algorithm to generate a second check value; it is judged whether the first check value is the same as the second check value; if the first check value is the same as the second check value, it is then judged whether the authorization serial number of the application program is legal; if the authorization serial number of the application program is legal, the authorization information is confirmed to be correct.
- the authorization fails.
- the verification value generation algorithm adopted when generating the second verification value should be the same as the verification value generation algorithm adopted in the aforementioned step S306.
- the authorization serial numbers generated by the software manufacturer are all numbers, and if there are non-numbers (for example, letters) in the obtained license serial number of the application, the software serial number of the application is illegal; or, the license serial number generated by the software manufacturer is 11 digits, and if the obtained authorization serial number of the application has more or fewer than 11 digits, the software serial number of the application is illegal, etc., which is not limited in this embodiment.
- If the authorization information was structured when it was generated, it must be destructured during parsing, that is, processed with an algorithm that is the inverse of the structuring algorithm.
- In step S406, when it is determined that the authorization information is correct, each piece of hardware information related to the preset matching rule of the computing device is acquired.
- each hardware identification corresponding to the first hardware encryption information is acquired; and each hardware information related to each hardware identification in the current computing device is acquired.
- the hardware identification can be understood as a hardware name, in other words, which hardware is encrypted in the first hardware encryption information is obtained, and then the hardware information of these hardware configured in the computing device is checked.
- the hardware information can be obtained through documents such as the instruction manual of the computing device, or can be obtained by viewing the attributes of the computing device, which is not limited in this embodiment.
- the preset matching rule may be: if the range of matching hardware information corresponding to the first hardware encryption information is 7 pieces of hardware, then 5 or more pieces of hardware information in the current computing device must be the same as the hardware within that range; or, if the matching range is 5 pieces of hardware, 3 or more pieces of hardware information must be the same, etc.
- In step S408, each piece of hardware information is encrypted separately to generate the second hardware encrypted information.
- the encryption algorithm used when generating the second hardware-encrypted information should be the same as that used when generating the first hardware-encrypted information.
- In step S410, the second hardware encrypted information is matched with the first hardware encrypted information, and when the preset matching rule is met, the authorization is successful.
- the second hardware encryption information is matched with the first hardware encryption information, and when the matching degree reaches a preset threshold, the authorization is successful.
- for example, if the first hardware encryption information corresponds to 7 pieces of hardware encryption information and 5 pieces of hardware encryption information in the second hardware encryption information are the same as those in the first hardware encryption information, the authorization is successful; otherwise, the authorization fails.
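The two phases described above (generation, method 300; verification, method 400) as an added Python example that is not code from the patent. The JSON record layout, the use of CRC-32 as the cyclic redundancy check, the 11-digit numeric serial rule (taken from the text's own example), and every sample identifier are assumptions made for illustration.

```python
"""Offline hardware-bound authorization record: generate (method 300), verify (method 400)."""
import hashlib
import json
import zlib

SERIAL_LEN = 11  # assumption: the 11-digit numeric rule the text gives as one example


def hw_digest(value: str) -> str:
    """SHA-256 over one hardware identifier (serial number, MAC, ...)."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def check_value(digests: dict, serial: str) -> int:
    """CRC-32 over the digests (fixed, name-sorted order) followed by the serial."""
    material = "".join(f"{name}:{digests[name]};" for name in sorted(digests)) + serial
    return zlib.crc32(material.encode("utf-8"))


def serial_is_legal(serial: str) -> bool:
    return serial.isascii() and serial.isdigit() and len(serial) == SERIAL_LEN


def generate_authorization(hardware: dict, serial: str) -> bytes:
    """S302-S306: digest each item, bind to the serial, append the check value."""
    digests = {name: hw_digest(value) for name, value in hardware.items()}
    record = {"hw": digests, "serial": serial, "crc": check_value(digests, serial)}
    return json.dumps(record, sort_keys=True).encode("utf-8")


def verify_authorization(blob: bytes, current_hw: dict, threshold: int):
    """S402-S410. Returns (authorized, reason)."""
    try:
        record = json.loads(blob)
        digests, serial, stored_crc = record["hw"], record["serial"], record["crc"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed record"
    if not (isinstance(digests, dict) and isinstance(serial, str)
            and all(isinstance(d, str) for d in digests.values())):
        return False, "malformed record"
    # S404: recompute the check value first, then test the serial's legality.
    if check_value(digests, serial) != stored_crc:
        return False, "check value mismatch"
    if not serial_is_legal(serial):
        return False, "illegal serial number"
    # S406-S408: digest the current value of every hardware item named in the record.
    matched = 0
    for name, stored in digests.items():
        value = current_hw.get(name)
        if value is not None and hw_digest(value) == stored:
            matched += 1
    # S410: threshold match, e.g. 5 of 7.
    if matched >= threshold:
        return True, f"matched {matched} of {len(digests)}"
    return False, f"matched {matched} of {len(digests)}, need {threshold}"


# Constructed sample inventory and serial (not real identifiers).
FACTORY_HW = {
    "mainboard": "MB-0001-EXAMPLE", "bios": "BIOS-1.0-EXAMPLE",
    "disk": "DISK-SN-EXAMPLE", "cpu": "CPU-ID-EXAMPLE",
    "nic": "02:00:00:00:00:01", "memory": "MEM-SN-EXAMPLE",
    "gpu": "GPU-SN-EXAMPLE",
}
SAMPLE_SERIAL = "12345678901"


def demo() -> dict:
    blob = generate_authorization(FACTORY_HW, SAMPLE_SERIAL)
    two_swapped = dict(FACTORY_HW, gpu="GPU-NEW", memory="MEM-NEW")
    three_swapped = dict(two_swapped, disk="DISK-NEW")
    damaged = json.loads(blob)
    damaged["serial"] = "12345678902"  # stored check value no longer matches
    return {
        "unchanged": verify_authorization(blob, FACTORY_HW, 5),
        "two parts replaced": verify_authorization(blob, two_swapped, 5),
        "three parts replaced": verify_authorization(blob, three_swapped, 5),
        "damaged record": verify_authorization(json.dumps(damaged).encode(), FACTORY_HW, 5),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

CRC-32 is an error-detecting code, so the check value catches corruption of the stored record but does not authenticate who wrote it.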
- the scheme of the present invention adopts the method of binding the hardware information and the software authorization serial number to solve the problem of unlimited proliferation of the authorization serial number, thereby reducing the loss of the software manufacturer and strengthening the support for genuine software; in this scheme, the hardware information and the software authorization serial number are burned into the BIOS, so that the authorization verification process can still be completed normally even when offline.
- This solution also proposes a hardware information matching rule.
- the authorization verification process can still be completed normally, thus providing the user with a certain degree of freedom and improving the user experience. At the same time, it strengthens the software provider’s interest protection.
- the various techniques described herein can be implemented in conjunction with hardware or software, or a combination thereof.
- the method and device of the present invention, or certain aspects or parts of the method and device of the present invention may be embedded in a tangible medium, such as a removable hard disk, USB flash drive, floppy disk, CD-ROM or any other machine-readable storage medium
- the program when the program is loaded into a machine such as a computer and executed by the machine, the machine becomes an apparatus for practicing the invention.
- In the case of program code execution on a programmable computer, the computing device generally includes a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device.
- the memory is configured to store program code; the processor is configured to execute the method of the present invention according to instructions in the program code stored in the memory.
- Readable media include, by way of example and not limitation, readable storage media and communication media.
- Readable storage media store information such as computer readable instructions, data structures, program modules or other data.
- Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. Combinations of any of the above are also included within the scope of readable media.
- modules or units or components of the devices in the examples disclosed herein may be arranged in the device as described in this embodiment, or alternatively may be located in one or more devices different from the device in this example.
- the modules in the preceding examples may be combined into one module or furthermore may be divided into a plurality of sub-modules.
- modules in the device in the embodiment can be adaptively changed and arranged in one or more devices different from the embodiment.
- Modules or units or components in the embodiments may be combined into one module or unit or component, and furthermore may be divided into a plurality of sub-modules or sub-units or sub-assemblies.
- All features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination, except where at least some of such features and/or processes or units are mutually exclusive.
- Each feature disclosed in this specification may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Radar, Positioning & Navigation (AREA)
- Remote Sensing (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Mathematical Physics (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
An application authorization method, a computing device, and a storage medium. The application authorization method is executed in the computing device, and comprises: extracting at least one piece of authorization information prestored in a computing device, the authorization information comprising: at least one piece of first hardware encryption information, an authorization serial number of an application, and a first check value (402); parsing the authorization information to determine whether the authorization information is correct (404); when it is determined that the authorization information is correct, obtaining different hardware information related to a preset matching rule of the computing device (406); respectively encrypting the different hardware information to generate different second hardware encryption information (408); and matching the second hardware encryption information with the first hardware encryption information, and when the preset matching rule is satisfied, the authorization succeeding (410).
Description
The present invention relates to the field of computer technology, and in particular to an application authorization method, a computing device, and a storage medium.
With the continuous development of computer technology, computer software (that is, application programs) is constantly being iterated and renewed. At the same time, the problem of software authorization is becoming increasingly prominent. For vendors of paid software, software that is cracked and spread brings huge losses to the company. Authorization is therefore an issue that software companies must take seriously.
Summary of the invention
In view of the above problems, the present invention is proposed to provide an application authorization method, a computing device, and a storage medium that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, an application authorization method is provided, executed in a computing device. The method includes: extracting at least one piece of authorization information pre-stored in the computing device, the authorization information including at least one piece of first hardware encryption information, the authorization serial number of the application, and a first check value; parsing the authorization information to determine whether it is correct; when the authorization information is determined to be correct, obtaining each piece of hardware information related to the preset matching rule of the computing device; encrypting each piece of hardware information separately to generate each piece of second hardware encryption information; and matching the second hardware encryption information against the first hardware encryption information, the authorization succeeding when the preset matching rule is satisfied.
Optionally, in the application authorization method according to the present invention, the authorization information is written into the BIOS chip of the computing device by burning.
Optionally, the application authorization method according to the present invention further includes a step of generating the authorization information, including: encrypting at least one piece of hardware information in the computing device separately to generate the respective first hardware encryption information; obtaining the authorization serial number of the application; and, based on a check value generation algorithm, encoding each piece of first hardware encryption information together with the authorization serial number of the application to generate the first check value.
Optionally, in the application authorization method according to the present invention, the step of parsing the authorization information to determine whether it is correct includes: parsing the authorization information to obtain the first hardware encryption information, the authorization serial number of the application, and the first check value; encoding the parsed first hardware encryption information and the authorization serial number of the application with the check value generation algorithm to generate a second check value; determining whether the first check value and the second check value are the same; if they are the same, determining whether the authorization serial number of the application is legal; and if the authorization serial number of the application is legal, confirming that the authorization information is correct.
Optionally, in the application authorization method according to the present invention, the step of obtaining, when the authorization information is determined to be correct, each piece of hardware information related to the preset matching rule of the computing device includes: obtaining each hardware identifier corresponding to the first hardware encryption information; and obtaining each piece of hardware information related to each hardware identifier in the current computing device.
Optionally, in the application authorization method according to the present invention, the encryption algorithm is SHA256, and the check value generation algorithm is a cyclic redundancy check algorithm.
Optionally, in the application authorization method according to the present invention, the method of generating the authorization information further includes: performing structured processing on the first hardware encryption algorithm, the authorization serial number of the application, and the first check value.
Optionally, in the application authorization method according to the present invention, the step of matching the second hardware encryption information against the first hardware encryption information, with authorization succeeding when the preset matching rule is satisfied, includes: matching the second hardware encryption information against the first hardware encryption information, the authorization succeeding when the degree of matching reaches a preset threshold.
According to yet another aspect of the present invention, a computing device is provided, including: at least one processor; and a memory storing program instructions, wherein the program instructions are configured to be executed by the at least one processor and include instructions for performing the above method.
According to still another aspect of the present invention, a readable storage medium storing program instructions is provided; when the program instructions are read and executed by a computing device, they cause the computing device to perform the above method.
The solution of the present invention binds hardware information to the software authorization serial number, which solves the problem of unlimited proliferation of authorization serial numbers, thereby reducing software vendors' losses and strengthening support for genuine software. In addition, in this solution the hardware information and the software authorization serial number are burned into the BIOS, so that the authorization verification process can still be completed normally when the device is offline.
This solution also proposes a hardware information matching rule under which the authorization verification process can still be completed normally when the user replaces some of the hardware. This gives the user a certain degree of freedom and improves the user experience, while also strengthening the protection of the software provider's interests.
The above description is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the contents of the description, and so that the above and other purposes, features and advantages of the present invention are more apparent, specific embodiments of the present invention are set out below.
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered as limiting the invention. Throughout the drawings, the same reference symbols designate the same components. In the drawings:
FIG. 1 shows a flowchart of software authorization in the prior art that binds hardware information to a software authorization serial number;
FIG. 2 shows a schematic diagram of a computing device 200 according to one embodiment of the present invention;
FIG. 3 shows a flowchart of a method 300 for generating authorization information and burning it into a computing device, in an application authorization method according to an embodiment of the present invention;
FIG. 4 shows a flowchart of an authorization information verification method 400 in an application authorization method according to an embodiment of the present invention.
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
Currently popular computer software (application programs) is generally activated either by a software authorization serial number alone or by a software authorization serial number bound to computer hardware information. When hardware information is bound, the main components of the computer (such as the motherboard, CPU, disk, memory, network card, graphics card, sound card, etc.) are known, and after networked authorization the software vendor generally saves the authorization information on the computing device in the form of a file. FIG. 1 shows a flowchart of software authorization in the prior art that binds hardware information to a software authorization serial number. As shown in FIG. 1, the specific process of software authorization in the prior art is as follows:
Read the authorization file information of the client machine, and determine whether the authorization file exists.
If the authorization file does not exist, the authorization fails.
If the authorization file exists, read the client machine's authorization file information; during this process, determine whether there is a network connection.
If there is a network connection, the verification of the authorization information is completed through the authorization server.
If there is no network connection, the authorization status recorded locally the last time the software was opened is read and used as the result of this verification (for example, if the last authorization verification succeeded, authorization succeeds by default this time; if the last authorization verification failed, the failure result carries over). Alternatively, the authorization is directly deemed to have failed. Each time the software is opened, the authorization information is compared with that stored on the authorization server, and the authorization server then issues the authorization verification result to the client software. When the device is offline or cannot connect to the software's authorization server, the authorization verification cannot be completed, and the software may then either carry over the authorization status from the last time it was opened or return an authorization verification failure.
The authorization methods described above inevitably have the following problems:
1) In some situations the device is offline, so authorization verification cannot be performed and authorization cannot be obtained.
2) Authorization is by serial number only, without binding hardware information, so that once the serial number leaks the authorization spreads without limit; or, to address the authorization proliferation caused by serial number proliferation, a network connection is made mandatory, which in turn brings back problem 1.
3) Binding a single piece of hardware information solves the authorization proliferation caused by serial-number-only authorization, but introduces the following problems:
a. Because hardware is non-standard, a single piece of hardware information may be invalid, resulting in an invalid binding.
b. Once the hardware is replaced, the authorization becomes invalid.
4) Binding all hardware information reduces the probability of an invalid binding but introduces a new problem: when the user adds or replaces individual hardware, the authorization becomes invalid, which leads to a poorer user experience, harm to the user's interests, and higher after-sales costs for the software vendor.
5) Recording authorization status and authorization information in computer files may lead to authorization proliferation as the files spread; or the file is bound to hardware information, but the authorization becomes invalid when the user replaces individual hardware.
To solve the above problems in the prior art, an embodiment of the present invention proposes a new application (software) authorization method, which is divided into two stages. The first stage takes place during production at the complete-machine (computing device) manufacturer. According to a preset hardware information matching rule, the manufacturer reads the valid values of the hardware information required by the matching rule (for example, N pieces of hardware information such as motherboard, BIOS, hard disk, CPU, network card, memory, graphics card, sound card, etc.) and encrypts the valid values one by one. All of the resulting ciphertexts are bound to the authorization serial number of the application and a check value is calculated over them, which yields the final authorization information; the final authorization information is then written into the BIOS. It should be noted that one piece of authorization information can be pre-configured in the computing device, where one piece of authorization information corresponds to the authorization of one application; these are not enumerated here.
The second stage is the verification of the authorization information. The software first reads the authorization information stored in the BIOS, takes all of the hardware information ciphertexts and the authorization serial number from it, and calculates a check value. The calculated check value is compared with the check value in the authorization information. If the two check values are the same, the software then checks whether the authorization serial number that was read is legal and valid. If it is a legal authorization serial number, the software finally reads all hardware information on the machine that falls within the range of the matching rule, encrypts each item, and matches the resulting ciphertexts against the hardware information ciphertexts read from the BIOS according to the matching rule. If the matching rule is satisfied (for example: there are 7 pieces of hardware information in the matching range, and the match succeeds if the ciphertexts of 5 or more of them are the same), the authorization verification is considered successful.
Both stages of the application authorization method provided in this embodiment are executed in a computing device. FIG. 2 shows a structural diagram of a computing device 200 according to one embodiment of the present invention. As shown in FIG. 2, in a basic configuration 202, the computing device 200 typically includes a system memory 206 and one or more processors 204. A memory bus 208 may be used for communication between the processor 204 and the system memory 206.
Depending on the desired configuration, the processor 204 may be any type of processor, including but not limited to a microprocessor (μP), a microcontroller (μC), a digital information processor (DSP), or any combination thereof. The processor 204 may include one or more levels of cache, such as an L1 cache 210 and an L2 cache 212, a processor core 214, and registers 216. An example processor core 214 may include an arithmetic logic unit (ALU), a floating point unit (FPU), a digital signal processing core (DSP core), or any combination thereof. An example memory controller 218 may be used with the processor 204, or in some implementations the memory controller 218 may be an internal part of the processor 204.
Depending on the desired configuration, the system memory 206 may be any type of memory, including but not limited to volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. The system memory 206 may include an operating system 220, one or more applications 222, and program data 224. An application 222 is in fact a set of program instructions that instruct the processor 204 to perform corresponding operations. In some implementations, the application 222 may be arranged so that its instructions are executed on the operating system by the one or more processors 204 using the program data 224. The operating system 220 may be, for example, Linux or Windows, and includes program instructions for handling basic system services and performing hardware-dependent tasks. The application 222 includes program instructions for implementing various functions desired by the user; it may be, for example, a browser, instant messaging software, or a software development tool (such as an integrated development environment (IDE) or a compiler), but is not limited to these. When the application 222 is installed in the computing device 200, a driver module may be added to the operating system 220.
When the computing device 200 starts running, the processor 204 reads the program instructions of the operating system 220 from the memory 206 and executes them. The application 222 runs on top of the operating system 220 and uses the interfaces provided by the operating system 220 and the underlying hardware to implement various functions desired by the user. When the user starts the application 222, it is loaded into the memory 206, and the processor 204 reads and executes its program instructions from the memory 206.
The computing device 200 also includes a storage device 232, which includes removable storage 236 and non-removable storage 238, both of which are connected to a storage interface bus 234.
The computing device 200 may also include an interface bus 240 that facilitates communication from various interface devices (for example, output devices 242, peripheral interfaces 244, and communication devices 246) to the basic configuration 202 via a bus/interface controller 230. Example output devices 242 include a graphics processing unit 248 and an audio processing unit 250, which may be configured to facilitate communication with various external devices such as a display or speakers via one or more A/V ports 252. Example peripheral interfaces 244 may include a serial interface controller 254 and a parallel interface controller 256, which may be configured to facilitate communication via one or more I/O ports 258 with external devices such as input devices (for example, keyboard, mouse, pen, voice input device, touch input device) or other peripherals (for example, printer, scanner, etc.). An example communication device 246 may include a network controller 260, which may be arranged to facilitate communication with one or more other computing devices 262 over a network communication link via one or more communication ports 264.
A network communication link may be one example of a communication medium. Communication media may typically be embodied as computer readable instructions, data structures, or program modules in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media. A "modulated data signal" may be a signal in which one or more of its data sets, or a change to them, is made in a manner that encodes information in the signal. By way of non-limiting example, communication media may include wired media such as a wired network or a dedicated-line network, and various wireless media such as acoustic, radio frequency (RF), microwave, infrared (IR) or other wireless media. The term computer readable media as used herein may include both storage media and communication media.
The computing device 200 also includes the storage interface bus 234 connected to the bus/interface controller 230. The storage interface bus 234 is connected to the storage device 232, which is suitable for data storage. Example storage devices 232 may include removable storage 236 (for example, CD, DVD, USB flash drive, removable hard disk, etc.) and non-removable storage 238 (for example, a hard disk drive (HDD), etc.).
In the computing device 200 according to the present invention, the application 222 includes a plurality of program instructions for performing method 300 or method 400. The application authorization method of the present invention comprises the method of the first stage described above, in which authorization information is generated and burned into the computing device (method 300), and the method of the second stage described above, in which the authorization information is verified (method 400). They are described in turn below.
FIG. 3 shows a flowchart of a method 300 for generating authorization information and burning it into a computing device, in an application authorization method according to an embodiment of the present invention. Method 300 is suitable for execution in a computing device (for example, the computing device 200 described above).
As shown in FIG. 3, the purpose of method 300 is to generate authorization information and burn it into the computing device. Method 300 begins at step S302.
In step S302, at least one piece of hardware information in the computing device is encrypted separately to generate the respective first hardware encryption information. As mentioned above, the computing device includes multiple hardware components (for example: motherboard, BIOS, hard disk, CPU, network card, memory, graphics card, sound card, etc.). Based on the actual hardware configuration and on the validity and reliability of the hardware information, staff need to set the range of the hardware information matching degree, that is, select which hardware provides the hardware information to be bound. In other words, they decide which pieces of hardware information need to be encrypted and stored in the computing device.
For example, a hard disk is more valid and reliable than a sound card, so hard disk information is preferred as binding information. Reliability and validity can be determined by comparing the proportion or number of user replacements of the two in historical data.
In a specific example, the following ranges of hardware information matching degree may be used:
a. Hard disk information + CPU information + memory information + BIOS information + motherboard information + network card information;
b. Hard disk 1 information + hard disk 2 information + motherboard information + network card 1 information + network card 2 information;
c. Motherboard information + BIOS information + CPU information + memory information.
Here a, b, and c each represent one range of hardware information matching degree.
Once the range of hardware information matching degree has been determined, the hardware information of all hardware in the selected range is read out, and an encryption algorithm is applied to each piece of hardware information in the range, one by one. Preferably, the SHA256 encryption algorithm may be used, though the method is not limited to it; other hash encryption algorithms such as MD5, or encryption algorithms such as RSA and DSA, may also be used.
Continuing the previous example and taking SHA256 as the algorithm, the hardware in each hardware information matching range, after encryption, can be expressed as:
a1. SHA256(hard disk information) + SHA256(CPU information) + SHA256(memory information) + SHA256(BIOS information) + SHA256(motherboard information) + SHA256(network card information);
b1. SHA256(hard disk 1 information) + SHA256(hard disk 2 information) + SHA256(motherboard information) + SHA256(network card 1 information) + SHA256(network card 2 information);
c1. SHA256(motherboard information) + SHA256(BIOS information) + SHA256(CPU information) + SHA256(memory information).
Here a1, b1, and c1 each contain multiple pieces of hardware encrypted information.
Note that the hardware information must uniquely identify the hardware. For example, if the hardware is a motherboard, the motherboard information can be the motherboard serial number; if the hardware is a CPU, the CPU information can be the CPU serial number; if the hardware is a network card, the network card information can be the network card's MAC address; and so on.
In step S304, the authorization serial number of the application program is obtained. The authorization serial number of the application program is provided by the software vendor.
In step S306, based on a check value generation algorithm, each piece of first hardware encrypted information and the authorization serial number of the application program are encoded to generate a first check value. Specifically, the check value generation algorithm may be a cyclic redundancy check (CRC) algorithm, though it is not limited to this.
In a specific example, the encoding of the hardware encrypted information a1 from the example above together with the authorization serial number of the application program is as follows:
Check value (a1 + authorization serial number of the application program) = CRC[SHA256(hard disk information) + SHA256(CPU information) + SHA256(memory information) + SHA256(BIOS information) + SHA256(motherboard information) + SHA256(network card information) + authorization serial number of the application program].
In this example, a complete piece of authorization information (a1) can be expressed as:
Of course, to further improve the stability and diversity of authorization, multiple pieces of authorization information can be generated for the same application program as alternatives, so that the authorization verification process can still complete normally when some hardware has been replaced. For example, using the method in this example, authorization information (b1) and authorization information (c1), corresponding to the hardware encrypted information b1 and c1 above, are generated as well.
In step S308, the generated authorization information is written into the BIOS (Basic Input Output System) chip of the computing device by burning. Multiple pieces of authorization information can be burned into the BIOS chip, for example authorization information (a1), authorization information (b1) and authorization information (c1), or only one piece can be burned; this is not limited here.
As the above shows, the authorization information is actually a fairly long array, which is inconvenient to store and parse. Therefore, before the authorization information is burned into the BIOS chip, method 300 further includes:
Performing structuring processing on the first hardware encryption algorithm, the authorization serial number of the application program, and the first check value, that is, forming them into a single structure. Specifically, a suitable algorithm can be used for the structuring processing, for example:
Once the authorization information has been structured, it is easier to burn, and its confidentiality is improved.
Alternatively, the authorization information can be burned into the BIOS chip in the form of a table, for example:
Field name | Field length (bytes) |
---|---|
Hard disk encrypted information | 32 |
CPU encrypted information | 32 |
Motherboard encrypted information | 32 |
Application authorization serial number | 16 |
Check value | 4 |
This completes the first stage of the application authorization method provided by this embodiment: generating and burning the authorization information.
FIG. 4 shows a flowchart of an authorization information verification method 400 in the application authorization method according to an embodiment of the present invention. Method 400 is suitable for execution in a computing device (for example, the aforementioned computing device 200).
As shown in FIG. 4, the purpose of method 400 is to verify the authorization information. It begins at step S402, in which at least one piece of authorization information pre-stored in the computing device is extracted. The authorization information includes at least one piece of first hardware encrypted information, the authorization serial number of the application program, and a first check value. The authorization information is burned into the BIOS chip of the computing device in advance; its generation and burning correspond to method 300 above and are not repeated here.
In step S404, the authorization information is parsed to determine whether it is correct.
Specifically, the authorization information is parsed to obtain the first hardware encrypted information, the authorization serial number of the application program, and the first check value. The first hardware encrypted information and the authorization serial number are encoded with the check value generation algorithm to generate a second check value. The first check value is compared with the second check value. If the two are the same, the authorization serial number of the application program is checked for legality. If the authorization serial number is legal, the authorization information is confirmed to be correct. Correspondingly, if the first check value differs from the second check value, or the authorization serial number of the application program is not legal, authorization fails.
Note that the check value generation algorithm used to generate the second check value must be the same as the one used in step S306 above.
In a specific example, whether the authorization serial number of the application program is legal can be judged against the rules the application's software vendor uses when generating authorization serial numbers. For example, if the vendor's authorization serial numbers consist only of digits and the obtained serial number contains non-digit characters (such as letters), the serial number is not legal. Or, if the vendor's authorization serial numbers are 11 digits long and the obtained serial number has more or fewer than 11 digits, the serial number is not legal. This embodiment does not limit the rules used.
Note also that if the authorization information was structured when it was generated, it must first be de-structured when parsed, that is, processed with the inverse of the structuring algorithm.
In step S406, once the authorization information has been determined to be correct, each piece of hardware information related to the preset matching rule of the computing device is obtained.
Specifically, the hardware identifiers corresponding to the first hardware encrypted information are obtained, and then the hardware information associated with each of those identifiers in the current computing device is obtained. A hardware identifier can be understood as a hardware name. In other words, the method determines which hardware was encrypted in the first hardware encrypted information and then looks up the hardware information of that hardware as configured in the computing device. The hardware information can be obtained from documents such as the manual supplied with the computing device, or by viewing the properties of the computing device; this embodiment does not limit this.
In a specific example, the preset matching rule may be: if the matching hardware information range corresponding to the first hardware encrypted information covers 7 pieces of hardware, it is sufficient that 5 or more pieces of hardware information in the current computing device are the same as the hardware in that range; or, if the matching range covers 5 pieces of hardware, it is sufficient that 3 or more pieces of hardware information are the same; and so on.
In step S408, each piece of hardware information is encrypted separately to generate the respective second hardware encrypted information.
Note that the encryption algorithm used to generate the second hardware encrypted information must be the same as the one used to generate the first hardware encrypted information.
In step S410, the second hardware encrypted information is matched against the first hardware encrypted information, and authorization succeeds when the preset matching rule is satisfied. Specifically, the second hardware encrypted information is matched against the first hardware encrypted information, and authorization succeeds when the matching degree reaches a preset threshold. For example, if the first hardware encrypted information corresponds to 7 pieces of hardware encrypted information and 5 pieces of the second hardware encrypted information are the same as those in the first, authorization succeeds; otherwise authorization fails.
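The generation steps (S302 to S308) and the verification steps (S402 to S410) as an added Python example, not code from the patent. It assumes the table layout above (three 32-byte SHA256 fields, a 16-byte serial number, a 4-byte check value), CRC-32 stored big-endian as the CRC variant, the 11-digit serial rule from the page's example, and a 2-of-3 matching threshold; the hardware names, serial values and status strings are constructed.

```python
import hashlib
import hmac
import struct
import zlib
from typing import Mapping, Optional, Sequence

HASH_LEN = 32    # SHA-256 digest: the 32-byte hardware fields in the table
SERIAL_LEN = 16  # application authorization serial number field
CRC_LEN = 4      # CRC-32 check value field


def hw_digest(info: str) -> bytes:
    """Process one piece of hardware information with SHA-256, as the page does."""
    return hashlib.sha256(info.encode("utf-8")).digest()


def build_authorization(scope: Sequence[str], hw: Mapping[str, str], serial: str) -> bytes:
    """Method 300: digest each item in scope, append the serial, append the check value."""
    serial_bytes = serial.encode("ascii")
    if len(serial_bytes) > SERIAL_LEN:
        raise ValueError("serial does not fit the 16-byte field")
    body = b"".join(hw_digest(hw[name]) for name in scope)
    body += serial_bytes.ljust(SERIAL_LEN, b"\x00")
    # CRC-32 is unkeyed: it catches corruption of the stored record,
    # it does not prove who wrote the record.
    return body + struct.pack(">I", zlib.crc32(body))


def serial_is_legal(serial: str) -> bool:
    """Assumed vendor rule, taken from the page's example: exactly 11 digits."""
    return len(serial) == 11 and serial.isascii() and serial.isdigit()


def verify(record: bytes, scope: Sequence[str],
           current_hw: Mapping[str, Optional[str]], threshold: int) -> str:
    """Method 400: check value, serial legality, then threshold hardware match."""
    if len(record) != len(scope) * HASH_LEN + SERIAL_LEN + CRC_LEN:
        return "malformed"
    body = record[:-CRC_LEN]
    (stored_crc,) = struct.unpack(">I", record[-CRC_LEN:])
    if zlib.crc32(body) != stored_crc:  # second check value vs. first check value
        return "check_value_mismatch"
    serial_field = body[len(scope) * HASH_LEN:]
    serial = serial_field.rstrip(b"\x00").decode("ascii", errors="replace")
    if not serial_is_legal(serial):
        return "illegal_serial"
    matches = 0
    for index, name in enumerate(scope):
        stored = body[index * HASH_LEN:(index + 1) * HASH_LEN]
        info = current_hw.get(name)  # None: the part is no longer present
        if info is not None and hmac.compare_digest(stored, hw_digest(info)):
            matches += 1
    return "authorized" if matches >= threshold else "hardware_mismatch"


# Constructed sample data (not from the patent).
SCOPE = ("hard_disk", "cpu", "motherboard")
FACTORY_HW = {"hard_disk": "DISK-SN-0001", "cpu": "CPU-SN-0002", "motherboard": "MB-SN-0003"}
SERIAL = "12345678901"
THRESHOLD = 2  # assumed rule: 2 of the 3 bound parts must still match


def demo() -> dict:
    """Run the verification against the factory machine and three changed states."""
    record = build_authorization(SCOPE, FACTORY_HW, SERIAL)
    one_swap = dict(FACTORY_HW, hard_disk="DISK-SN-9999")
    two_swaps = dict(one_swap, cpu="CPU-SN-8888")
    damaged = bytes([record[0] ^ 0xFF]) + record[1:]
    return {
        "unchanged": verify(record, SCOPE, FACTORY_HW, THRESHOLD),
        "one_part_replaced": verify(record, SCOPE, one_swap, THRESHOLD),
        "two_parts_replaced": verify(record, SCOPE, two_swaps, THRESHOLD),
        "damaged_record": verify(damaged, SCOPE, FACTORY_HW, THRESHOLD),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```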
The scheme of the present invention binds hardware information to the software authorization serial number, which solves the problem of unlimited proliferation of authorization serial numbers, thereby reducing software vendors' losses and strengthening support for genuine software. In addition, in this scheme the hardware information and the software authorization serial number are burned into the BIOS, so the authorization verification process can still complete normally when the device is offline.
This scheme also proposes a hardware information matching rule under which the authorization verification process can still complete normally after the user replaces some hardware. This gives users a degree of freedom and improves the user experience, while also strengthening the protection of the software provider's interests.
The various techniques described here can be implemented in hardware, in software, or in a combination of the two. Thus the method and device of the present invention, or certain aspects or parts of them, may take the form of program code (that is, instructions) embedded in a tangible medium, such as a removable hard disk, USB flash drive, floppy disk, CD-ROM, or any other machine-readable storage medium, where, when the program is loaded into a machine such as a computer and executed by that machine, the machine becomes a device for practicing the invention.
Where the program code executes on a programmable computer, the computing device generally includes a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. The memory is configured to store the program code; the processor is configured to execute the method of the present invention according to the instructions in the program code stored in the memory.
By way of example and not limitation, readable media include readable storage media and communication media. Readable storage media store information such as computer-readable instructions, data structures, program modules, or other data. Communication media typically embody computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and include any information delivery media. Combinations of any of the above are also included within the scope of readable media.
In the description provided here, the algorithms and displays are not inherently related to any particular computer, virtual system, or other device. Various general-purpose systems can also be used with the examples of the invention. The structure required to construct such systems is apparent from the description above. Furthermore, the present invention is not tied to any particular programming language. It should be understood that the content of the invention described here can be implemented in a variety of programming languages, and that the description of any specific language above is given to disclose the preferred embodiment of the invention.
The description provided here sets out numerous specific details. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures, and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, to streamline this disclosure and aid the understanding of one or more of the various inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof in the above description of exemplary embodiments. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art should understand that the modules, units, or components of the devices in the examples disclosed here may be arranged in a device as described in the embodiment, or alternatively may be located in one or more devices different from the device in the example. The modules in the preceding examples may be combined into one module or divided into multiple sub-modules.
Those skilled in the art will understand that the modules in the device of an embodiment can be adaptively changed and placed in one or more devices different from that embodiment. The modules, units, or components of an embodiment may be combined into one module, unit, or component, and may also be divided into multiple sub-modules, sub-units, or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract, and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract, and drawings) may be replaced by an alternative feature serving the same, an equivalent, or a similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described here include certain features that are included in other embodiments and not others, combinations of features from different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
In addition, some of the embodiments are described here as methods, or combinations of method elements, that can be implemented by a processor of a computer system or by other means of performing the function. A processor with the necessary instructions for carrying out such a method or method element therefore forms a means for carrying out the method or method element. Furthermore, an element of a device embodiment described here is an example of a means for carrying out the function performed by that element for the purpose of carrying out the invention.
As used here, unless otherwise specified, the use of the ordinal numbers "first", "second", "third", and so on to describe a common object merely indicates that different instances of similar objects are being referred to, and is not intended to imply that the objects so described must be in a given order, whether temporally, spatially, in ranking, or in any other manner.
Although the invention has been described in terms of a limited number of embodiments, those skilled in the art, having the benefit of the above description, will appreciate that other embodiments can be conceived within the scope of the invention so described. In addition, it should be noted that the language used in this specification has been chosen mainly for readability and instruction, not to explain or limit the subject matter of the invention. Many modifications and variations will therefore be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. As to the scope of the invention, the disclosure made here is illustrative and not restrictive; the scope of the invention is defined by the appended claims.
Claims (10)
- A method for authorizing an application program, executed in a computing device, the method comprising:
  extracting at least one piece of authorization information pre-stored in the computing device, the authorization information including at least one piece of first hardware encrypted information, the authorization serial number of the application program, and a first check value;
  parsing the authorization information to determine whether the authorization information is correct;
  when the authorization information is determined to be correct, obtaining each piece of hardware information related to a preset matching rule of the computing device;
  encrypting each piece of the hardware information separately to generate respective second hardware encrypted information;
  matching the second hardware encrypted information against the first hardware encrypted information, authorization succeeding when the preset matching rule is satisfied.
- The method according to claim 1, wherein the authorization information is written into the BIOS chip of the computing device by burning.
- The method according to claim 1, further comprising a step of generating the authorization information, comprising:
  encrypting at least one piece of hardware information in the computing device separately to generate the respective first hardware encrypted information;
  obtaining the authorization serial number of the application program;
  encoding, based on a check value generation algorithm, each piece of the first hardware encrypted information and the authorization serial number of the application program to generate the first check value.
- The method according to claim 1 or 3, wherein the step of parsing the authorization information to determine whether the authorization information is correct comprises:
  parsing the authorization information to obtain the first hardware encrypted information, the authorization serial number of the application program, and the first check value;
  encoding, with the check value generation algorithm, the first hardware encrypted information obtained by parsing and the authorization serial number of the application program to generate a second check value;
  judging whether the first check value is the same as the second check value;
  if the first check value is the same as the second check value, judging whether the authorization serial number of the application program is legal;
  if the authorization serial number of the application program is legal, confirming that the authorization information is correct.
- The method according to claim 1, wherein the step of obtaining, when the authorization information is determined to be correct, each piece of hardware information related to the preset matching rule of the computing device comprises:
  obtaining the hardware identifiers corresponding to the first hardware encrypted information;
  obtaining the hardware information in the current computing device related to each of the hardware identifiers.
- The method according to claim 3, wherein the encryption algorithm is SHA256 and the check value generation algorithm is a cyclic redundancy check algorithm.
- The method according to claim 3, wherein the method for generating the authorization information further comprises:
  performing structuring processing on the first hardware encrypted information, the authorization serial number of the application program, and the first check value.
- The method according to claim 1, wherein the preset matching rule comprises:
  authorization succeeding when the matching degree reaches a preset threshold.
- A computing device, comprising:
  at least one processor; and
  a memory storing program instructions, wherein the program instructions are configured to be executed by the at least one processor, and the program instructions include instructions for performing the method according to any one of claims 1-8.
- A readable storage medium storing program instructions which, when read and executed by a computing device, cause the computing device to perform the method according to any one of claims 1-8.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110624008.5 | 2021-06-04 | ||
CN202110624008.5A CN113254887A (en) | 2021-06-04 | 2021-06-04 | Authorization method of application program, computing device and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022252466A1 true WO2022252466A1 (en) | 2022-12-08 |
Family
ID=77186570
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/124292 WO2022252466A1 (en) | 2021-06-04 | 2021-10-18 | Application authorization method, computing device, and storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN113254887A (en) |
WO (1) | WO2022252466A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117077184A (en) * | 2023-10-17 | 2023-11-17 | 西安热工研究院有限公司 | Method, system, equipment and medium for authorizing and keeping secret of upper computer software of DCS (distributed control system) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113254887A (en) * | 2021-06-04 | 2021-08-13 | 统信软件技术有限公司 | Authorization method of application program, computing device and storage medium |
CN113761479B (en) * | 2021-09-15 | 2024-03-12 | 厦门熵基科技有限公司 | Software authorization method, system, equipment and computer storage medium |
CN114117364B (en) * | 2022-01-24 | 2022-03-29 | 北京麟卓信息科技有限公司 | Offline software license control method and system |
CN114510685B (en) * | 2022-01-28 | 2024-05-14 | 统信软件技术有限公司 | Authorization state resetting method, authorization state updating method and system |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103592927A (en) * | 2013-11-26 | 2014-02-19 | 蓝盾信息安全技术股份有限公司 | Method for binding product server and service function through license |
CN109840398A (en) * | 2019-02-14 | 2019-06-04 | 北京儒博科技有限公司 | Software authorization method, device, equipment and storage medium |
CN111709010A (en) * | 2020-06-19 | 2020-09-25 | 山东省计算中心(国家超级计算济南中心) | Terminal authentication information extraction and verification method and system based on state cryptographic algorithm |
CN111708991A (en) * | 2020-06-17 | 2020-09-25 | 腾讯科技(深圳)有限公司 | Service authorization method, service authorization device, computer equipment and storage medium |
US20210103680A1 (en) * | 2019-10-03 | 2021-04-08 | Insyde Software Corp. | Firmware-based method for securely enabling hardware devices during a computing plataform boot sequence |
CN113254887A (en) * | 2021-06-04 | 2021-08-13 | 统信软件技术有限公司 | Authorization method of application program, computing device and storage medium |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109598104B (en) * | 2018-11-28 | 2021-08-10 | 武汉虹旭信息技术有限责任公司 | Software authorization protection system and method based on timestamp and secret authentication file |
CN110162936B (en) * | 2019-05-31 | 2020-03-31 | 北京比特安索信息技术有限公司 | Software content use authorization method |
CN110659457B (en) * | 2019-09-20 | 2022-06-07 | 安徽听见科技有限公司 | Application authorization verification method and device and client |
-
2021
- 2021-06-04 CN CN202110624008.5A patent/CN113254887A/en active Pending
- 2021-10-18 WO PCT/CN2021/124292 patent/WO2022252466A1/en unknown
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117077184A (en) * | 2023-10-17 | 2023-11-17 | 西安热工研究院有限公司 | Method, system, equipment and medium for authorizing and keeping secret of upper computer software of DCS (distributed control system) |
CN117077184B (en) * | 2023-10-17 | 2024-01-30 | 西安热工研究院有限公司 | Method, system, equipment and medium for authorizing and keeping secret of upper computer software of DCS (distributed control system) |
Also Published As
Publication number | Publication date |
---|---|
CN113254887A (en) | 2021-08-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2022252466A1 (en) | Application authorization method, computing device, and storage medium | |
TWI672648B (en) | Business process method and device, data share system, and storage medium | |
US11205014B2 (en) | Method and server for authenticating and verifying file | |
US7591014B2 (en) | Program authentication on environment | |
CN112507328B (en) | File signature method, computing device and storage medium | |
TW201516733A (en) | System and method for verifying changes to UEFI authenticated variables | |
CN112182550A (en) | Authorization method, authorization system, activation device and computing equipment for application program | |
CN111679893B (en) | Operating system construction method and device, electronic equipment and storage medium | |
WO2022242003A1 (en) | Login method, authentication method and system based on multi-party authorization, and computing device | |
KR20160083930A (en) | Method and system for determining whether a terminal logging into a website is a mobile terminal | |
US9270684B2 (en) | Providing a domain to IP address reputation service | |
CN113343185B (en) | Authorization method of client application, computing device and storage medium | |
US20030236975A1 (en) | System and method for improved electronic security credentials | |
US20130019110A1 (en) | Apparatus and method for preventing copying of terminal unique information in portable terminal | |
JP2002229448A (en) | Method and apparatus and performing electronic signature to document having structure | |
WO2022252449A1 (en) | File access control method, file encryption method, and computing device | |
WO2022222437A1 (en) | Script verification method, script signing method, and computing device | |
WO2020034907A1 (en) | Authentication information transmission method, key management client and computer device | |
CN114925336A (en) | Method and system for activating software | |
WO2021012732A1 (en) | Blockchain-based information verification apparatus and method, and storage medium | |
CN111835523B (en) | Data request method, system and computing device | |
US11275867B1 (en) | Content integrity processing | |
CN113536361B (en) | Method and device for realizing trusted reference library and computing equipment | |
WO2022073336A1 (en) | Secure payment method and apparatus, electronic device, and storage medium | |
CN113254397B (en) | Data checking method and computing device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21943819 Country of ref document: EP Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 18/04/2024) |