Disclosure of Invention
In view of the above, the present invention has been made to provide a software authorization method, a method and an apparatus for acquiring a software right that overcome or at least partially solve the above problems.
According to a first aspect of the present invention, the present invention provides a software authorization method, applied to a server, the method including:
generating an authorization key, a version key and an authorization license based on the use permission of the user to the target version of the target software;
signing the authorization license by using the authorization key to generate a first signature file;
signing the authorization key by using the version key to generate a second signature file;
and sending the first signature file, the second signature file and the authorization license to a client so that the client obtains the use permission of the target version of the target software through verifying the first signature file, the second signature file and the authorization license.
Preferably, the authorization key comprises an authorization public key and an authorization private key, and the version key comprises a version public key and a version private key;
wherein said signing the authorization license with the authorization key comprises:
signing the authorization license with the authorization private key;
wherein said signing the authorization key with the version key comprises:
and signing the authorization public key by using the version private key.
Preferably, before the sending the first signature file, the second signature file and the authorization license to the client, the method further includes:
verifying the identity of the client;
wherein the sending the first signature file, the second signature file, and the authorization license to a client comprises:
and after the identity verification of the client passes, sending the first signature file, the second signature file and the authorization license to the client.
According to a second aspect of the present invention, there is provided a method for obtaining software rights, which is applied to a client installed with target software having a target version, the method including:
acquiring an authorized license of the target software, a first signature file generated by signing the authorized license by using an authorized key and a second signature file generated by signing the authorized key by using a version key from a server;
verifying the first signature file, the second signature file, and the authorized license;
and obtaining the use right of the target version of the target software after the first signature file, the second signature file and the authorized license are verified.
Preferably, the authorization key includes an authorization public key and an authorization private key, the version key includes a version public key and a version private key, and the version public key is embedded in the target software;
wherein prior to said verifying said first signed file, said second signed file, and said authorized license, said method further comprises:
and obtaining the authorization public key from the server.
Wherein the verifying the first signature file, the second signature file, and the authorized license comprises:
verifying the second signature file by using the version public key;
after the second signature file passes the verification, verifying the first signature file by using the authorization public key;
after the first signature file passes verification, parsing the authorization license to obtain license information;
and verifying the license information.
Preferably, before acquiring from the server the authorized license of the target software, the first signature file generated by signing the authorized license with the authorized key, and the second signature file generated by signing the authorized key with the version key, the method further includes:
and sending authentication information to the server so that the server authenticates the identity of the client according to the authentication information.
According to a third aspect of the present invention, the present invention provides a software authorization apparatus, applied to a server, the apparatus including:
the first generation module is used for generating an authorization key, a version key and an authorization license based on the use permission of a user to a target version of target software;
the second generation module is used for signing the authorization license by using the authorization key to generate a first signature file;
the third generation module is used for signing the authorization key by using the version key to generate a second signature file;
and the sending module is used for sending the first signature file, the second signature file and the authorization license to a client so that the client obtains the use permission of the target version of the target software through verifying the first signature file, the second signature file and the authorization license.
And verifying the identity of the client.
According to a fourth aspect of the present invention, the present invention provides an apparatus for acquiring software rights, which is applied to a client installed with target software having a target version, and the apparatus includes:
the acquisition module is used for acquiring the authorized license of the target software, a first signature file generated by signing the authorized license by using an authorized key and a second signature file generated by signing the authorized key by using a version key from a server;
a verification module for verifying the first signature file, the second signature file and the authorization license;
and the obtaining module is used for obtaining the use permission of the target version of the target software after the first signature file, the second signature file and the authorized license are verified.
According to a fifth aspect of the present invention, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method steps as in the first or second aspect described above.
According to a sixth aspect of the present invention there is provided a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor when executing the program implementing the method steps as in the first or second aspect.
According to the software authorization method and the device for acquiring the software permission, the authorization key, the version key and the authorization license are generated on the server side based on the use permission of the user to the target version of the target software. The server generates a first signature file by signing the authorization license with the authorization key, and generates a second signature file by signing the authorization key with the version key. Finally, the server sends the first signature file, the second signature file and the authorization license to the client. The client acquires from the server the authorization license of the target software, the first signature file generated by signing the authorization license with the authorization key, and the second signature file generated by signing the authorization key with the version key, and then verifies the first signature file, the second signature file and the authorization license. After the first signature file, the second signature file and the authorization license are verified, the client obtains the use permission of the target version of the target software.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The first embodiment of the invention provides a software authorization method which is applied to a server. The server is used for interacting with the client to authorize the target software in the client.
Referring to fig. 1, the software authorization method of the embodiment of the present invention includes the following steps:
Step 101: an authorization key, a version key, and an authorization license are generated based on a user's purchase rights to a target version of target software.
Specifically, in embodiments of the present invention, when a user purchases software, the user will determine the version of the software purchased. When the user purchases the target version of the target software, the user is indicated to have the usage right of the target version of the target software, and therefore, the server generates the authorization key, the version key and the authorization license (i.e., license) based on the usage right of the target version of the target software by the user. The authorization key comprises an authorization public key and an authorization private key, and the version key comprises a version public key and a version private key. The authorization public key and the authorization private key have a corresponding relationship, and the version public key and the version private key have a corresponding relationship. The authorization key may be generated when the user registers the target software, the version key may be generated when the user completes purchasing the target version, or the authorization key and the version key may be generated at one time when the user completes purchasing the target version, as long as the authorization key and the version key exist after the user completes purchasing the target version. In addition, an authorization license is generated after the user has completed purchasing the target version. The present invention generates an authorization key, a version key and an authorization license based on the user's usage rights to the target version of the target software.
After step 101 is completed, step 102 is performed: the authorization license is signed with the authorization key, generating a first signature file.
Specifically, the authorized license is signed with an authorized private key, thereby generating a first signed file.
After step 101 is completed, step 103 may also be performed: the authorization key is signed by the version key to generate a second signature file.
Specifically, the authorized public key is signed with the version private key, thereby generating a second signature file.
In the embodiment of the present invention, step 102 and step 103 may be executed in either order. On the one hand, the invention signs the authorized license with the authorized private key to obtain the first signature file. On the other hand, the invention signs the authorized public key with the version private key to obtain the second signature file.
After obtaining the first signature file and the second signature file, step 104 is performed: and sending the first signature file, the second signature file and the authorization license to the client so that the client obtains the use permission of the target version of the target software through verifying the first signature file, the second signature file and the authorization license.
Specifically, the server sends the first signature file, the second signature file and the authorized license to the client, and the client verifies the first signature file, the second signature file and the authorized license, and obtains the use right of the target version of the target software after the first signature file, the second signature file and the authorized license are verified.
Further, to further improve the security of software authorization, before sending the first signature file, the second signature file and the authorization license to the client, the method further includes:
verifying the identity of the client. After the identity verification of the client passes, step 104 is executed to send the first signature file, the second signature file and the authorization license to the client.
In particular, the identity of the client may be verified based on a serial code (CDKEY). That is, the server receives the CDKEY sent by the client and verifies it; if the CDKEY passes verification, the identity verification of the client passes, and if the CDKEY fails verification, the identity verification of the client fails.
Further, in the invention, when the authorization key comprises an authorization public key and an authorization private key, and the version key comprises a version public key and a version private key, the server embeds the version public key into the target software. After the server sends the target software to the client, the client receives and obtains the target software, and then the version public key can be obtained from the target software. Meanwhile, in order to verify the first signature file, the server also sends the authorization public key to the client so that the client verifies the first signature file according to the authorization public key.
Based on the same inventive concept, the second embodiment of the present invention further provides a method for acquiring software permissions, which is applied to a client installed with target software having a target version. The client is used for interacting with the server in the first embodiment to acquire the use permission of the target version of the target software.
Referring to fig. 2, the method for acquiring software permission according to the embodiment of the present invention includes the following steps:
Step 201: from the server, an authorized license of the target software, a first signature file generated by signing the authorized license with an authorization key, and a second signature file generated by signing the authorization key with a version key are acquired.
Step 202: the first signed file, the second signed file, and the authorized license are verified.
Step 203: and obtaining the use right of the target version of the target software after the first signature file, the second signature file and the authorized license are verified.
Further, to further improve the security of software authorization, before step 101, the method for acquiring software permission of the present invention further includes:
and sending the authentication information to the server so that the server authenticates the identity of the client according to the authentication information.
Specifically, the authentication information may be the CDKEY: the client sends the CDKEY to the server, and the server authenticates the CDKEY sent by the client.
Further, in the embodiment of the present invention, the authorization key includes an authorization public key and an authorization private key, and the version key includes a version public key and a version private key. The authorization private key and the version private key are stored in the server to ensure the security of the private key. The version public key is embedded in the target software, and the client can obtain the version public key from the target software after receiving the target software. After the CDKEY authentication is passed, the server performs step 201. Specifically, in step 201, the authorization public key is obtained from the server in addition to the authorization license, the first signature file, and the second signature file. If the CDKEY authentication fails, the user is informed of the reason for the failure, for example, CDKEY error.
For step 202, as shown in FIG. 3, the following steps are included:
Step 301: the second signature file is verified by using the version public key.
Step 302: after the second signature file passes the verification, the first signature file is verified by using the authorized public key.
Step 303: after the first signature file passes the verification, the authorization license is parsed to obtain license information.
Step 304: the license information is verified.
Specifically, the client first verifies the second signature file using the version public key embedded in the target software. After the second signature file passes the verification, the client verifies the first signature file using the authorization public key sent by the server. After the first signature file passes the verification, the verification module of the target software parses the authorization license sent by the server to obtain the license information, and finally the license information is verified. An example of parsing the license to obtain the license information is given below.
In one example, the following license information is obtained after the license resolution:
EXPIRY=2019-12-31
MAC=8C:85:90:A0:04:96
VERSION=1.2.0
MAXUSERS=2
SSIGNATURE=
Py2PBxuZ164j88a1HKV5zaLrEB3PpSxIwfNo2kTV4Ij1Z6VXhKPqYb8z0IdRzAP8VHzH7
wherein EXPIRY represents the expiration time, MAC represents the MAC address, VERSION represents the version of the target program, MAXUSERS represents the maximum number of users, and SSIGNATURE represents the signature information. The SSIGNATURE value is the signature result obtained by signing the whole character string of the above contents (excluding SSIGNATURE, including spaces and line feeds).
In the process of verifying the license information, the license information is compared with the purchase permission of the user in the client. If the license information matches the purchase permission, the verification passes, so that the permission of the target version of the target software is opened and the client obtains the use permission of the target version of the target software. The purchase permission comprises permission information corresponding to the license information; for example, the purchase permission comprises information representing the expiration time, information representing the MAC address and information representing the target software version. When, according to the purchase permission, the expiration time is 2019-12-31, the MAC address is 8C:85:90:A0:04:96, the target software version is 1.2.0 and the maximum number of users is 2, the license information matches the purchase permission, and the verification passes.
In the embodiment of the invention, when verification of any one of the first signature file, the second signature file and the authorized license fails, the user is informed of the reason for the failure.
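The verification order of steps 301 to 304, with the server-side signing of steps 102 and 103, as an added example that is not part of the original disclosure. Ed25519 is an assumption (the disclosure names no signature algorithm), as are all type, function and error names; the license text is constructed from the sample fields above, and the embedded SSIGNATURE field and the MAXUSERS comparison are left out.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"strings"
	"time"
)

// One sentinel error per verification step (names are hypothetical).
var (
	ErrKeyChain   = errors.New("step 301: authorization public key is not signed by the version key")
	ErrLicenseSig = errors.New("step 302: license is not signed by the authorization key")
	ErrParse      = errors.New("step 303: malformed license")
	ErrMismatch   = errors.New("step 304: license does not match this installation")
)

// Bundle is what the client receives from the server in step 201.
type Bundle struct {
	License   []byte            // authorization license text
	FirstSig  []byte            // license signed with the authorization private key
	SecondSig []byte            // authorization public key signed with the version private key
	AuthPub   ed25519.PublicKey // authorization public key sent by the server
}

// Issue is the server side: steps 102 and 103.
func Issue(license []byte, authPriv, versionPriv ed25519.PrivateKey) Bundle {
	authPub := authPriv.Public().(ed25519.PublicKey)
	return Bundle{License: license, FirstSig: ed25519.Sign(authPriv, license),
		SecondSig: ed25519.Sign(versionPriv, authPub), AuthPub: authPub}
}

// parseLicense reads KEY=VALUE lines and rejects stray lines and duplicate keys.
func parseLicense(text []byte) (map[string]string, error) {
	fields := map[string]string{}
	for _, line := range strings.Split(strings.TrimSpace(string(text)), "\n") {
		kv := strings.SplitN(strings.TrimSpace(line), "=", 2)
		if len(kv) != 2 || kv[0] == "" {
			return nil, ErrParse
		}
		if _, dup := fields[kv[0]]; dup {
			return nil, ErrParse
		}
		fields[kv[0]] = kv[1]
	}
	return fields, nil
}

// Verify is the client side. versionPub is the key embedded in the target software;
// nothing in the bundle is trusted or parsed until both signatures have checked out.
func Verify(b Bundle, versionPub ed25519.PublicKey, mac, version string, now time.Time) error {
	// ed25519.Verify panics on a wrong-sized key, so check the received key first.
	if len(b.AuthPub) != ed25519.PublicKeySize || !ed25519.Verify(versionPub, b.AuthPub, b.SecondSig) {
		return ErrKeyChain
	}
	if !ed25519.Verify(b.AuthPub, b.License, b.FirstSig) {
		return ErrLicenseSig
	}
	f, err := parseLicense(b.License)
	if err != nil {
		return err
	}
	expiry, err := time.Parse("2006-01-02", f["EXPIRY"])
	if err != nil {
		return ErrParse
	}
	// Assumption: the license stays valid through the end of the EXPIRY day (UTC).
	if !now.Before(expiry.AddDate(0, 0, 1)) || !strings.EqualFold(f["MAC"], mac) || f["VERSION"] != version {
		return ErrMismatch
	}
	return nil
}

// Scenario issues a constructed license, optionally alters the bundle, and verifies it.
func Scenario(tamper string) error {
	versionPub, versionPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, authPriv, _ := ed25519.GenerateKey(nil)
	license := []byte("EXPIRY=2019-12-31\nMAC=8C:85:90:A0:04:96\nVERSION=1.2.0\nMAXUSERS=2\n")
	b := Issue(license, authPriv, versionPriv)
	now := time.Date(2019, 6, 1, 0, 0, 0, 0, time.UTC)
	switch tamper {
	case "edit-license": // license text changed after signing
		b.License = []byte(strings.Replace(string(license), "2019", "2099", 1))
	case "swap-key": // license re-signed with a key the version key never signed
		pub, priv, _ := ed25519.GenerateKey(nil)
		b.AuthPub, b.FirstSig = pub, ed25519.Sign(priv, b.License)
	case "short-key": // truncated public key must fail cleanly, not panic
		b.AuthPub = b.AuthPub[:8]
	case "expired":
		now = time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)
	}
	return Verify(b, versionPub, "8c:85:90:a0:04:96", "1.2.0", now)
}

func main() {
	for _, t := range []string{"", "edit-license", "swap-key", "short-key", "expired"} {
		fmt.Printf("%-14q -> %v\n", t, Scenario(t))
	}
}
```

Because the authorization public key arrives from the server, the second signature is the only thing that ties it to the version public key embedded in the software, which is why step 301 must run before step 302.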
Based on the same inventive concept, a third embodiment of the present invention further provides a software authorization apparatus, applied to a server, as shown in fig. 4, the apparatus including:
a first generating module 401, configured to generate an authorization key, a version key, and an authorization license based on a usage right of a target version of target software by a user;
a second generating module 402, configured to sign the authorized license by using the authorization key, and generate a first signature file;
a third generating module 403, configured to sign the authorization key with the version key, and generate a second signature file;
a sending module 404, configured to send the first signature file, the second signature file, and the authorized license to a client, so that the client obtains a usage right of a target version of the target software through verification of the first signature file, the second signature file, and the authorized license.
The authorization key comprises an authorization public key and an authorization private key, and the version key comprises a version public key and a version private key;
the second generating module 402 is specifically configured to:
signing the authorization license with the authorization private key;
the third generating module 403 is specifically configured to:
and signing the authorization public key by using the version private key.
Wherein the apparatus further comprises:
the client verification module is used for verifying the identity of the client;
the sending module 404 is specifically configured to:
and after the identity verification of the client passes, sending the first signature file, the second signature file and the authorization license to the client.
Based on the same inventive concept, a fourth embodiment of the present invention further provides an apparatus for acquiring software permissions, which is applied to a client installed with target software having a target version, as shown in fig. 5, and the apparatus includes:
an obtaining module 501, configured to obtain, from a server, an authorized license of the target software, a first signature file generated by signing the authorized license with an authorized key, and a second signature file generated by signing the authorized key with a version key;
a verification module 502 for verifying the first signature file, the second signature file, and the authorized license;
an obtaining module 503, configured to obtain a usage right of the target version of the target software after the first signature file, the second signature file, and the authorized license are verified.
The authorization key comprises an authorization public key and an authorization private key, the version key comprises a version public key and a version private key, and the version public key is embedded in the target software;
wherein the apparatus further comprises:
and the public key acquisition module is used for acquiring the authorization public key from the server.
The verification module 502 includes:
the first verification unit is used for verifying the second signature file by utilizing the version public key;
the second verification unit is used for verifying the first signature file by using the authorization public key after the second signature file passes the verification;
the third verification unit is used for parsing the authorization license to obtain license information after the first signature file passes verification;
a fourth verification unit configured to verify the license information.
Wherein the apparatus further comprises:
and the verification information sending module is used for sending identity verification information to the server so that the server verifies the identity of the client according to the identity verification information.
Based on the same inventive concept, a fifth embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the method steps described in the foregoing first and second embodiments.
Based on the same inventive concept, a sixth embodiment of the present invention further provides a computer apparatus, as shown in fig. 6. For convenience of description, only the parts related to the embodiment of the present invention are shown; for specific technical details that are not disclosed, please refer to the method part of the embodiment of the present invention. The computer device may be any terminal device including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales), a vehicle-mounted computer, and the like. Taking a mobile phone as an example of the computer device:
fig. 6 is a block diagram showing a partial structure related to a computer device provided by an embodiment of the present invention. Referring to fig. 6, the computer apparatus includes: a memory 601 and a processor 602. Those skilled in the art will appreciate that the computer device configuration illustrated in FIG. 6 does not constitute a limitation of computer devices, and may include more or fewer components than those illustrated, or some components may be combined, or a different arrangement of components.
The following describes the components of the computer device in detail with reference to fig. 6:
the memory 601 may be used to store software programs and modules, and the processor 602 executes various functional applications and data processing by operating the software programs and modules stored in the memory 601. The memory 601 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.), and the like. Further, the memory 601 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The processor 602 is a control center of the computer device, and performs various functions and processes data by operating or executing software programs and/or modules stored in the memory 601 and calling data stored in the memory 601. Alternatively, processor 602 may include one or more processing units; preferably, the processor 602 may integrate an application processor, which mainly handles operating systems, user interfaces, application programs, etc., and a modem processor, which mainly handles wireless communications.
In the embodiment of the present invention, the processor 602 included in the computer device may have functions corresponding to the steps of any one of the methods in the first embodiment and the second embodiment.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components in accordance with embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.