
CN113326482B - Authorization control method, authorization method, device and computing device - Google Patents

Publication number
CN113326482B
Authority
CN
China
Prior art keywords
authorization
information
application
client
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110620146.6A
Other languages
Chinese (zh)
Other versions
CN113326482A (en
Inventor
李墨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Uniontech Software Technology Co Ltd
Original Assignee
Uniontech Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Uniontech Software Technology Co Ltd filed Critical Uniontech Software Technology Co Ltd
Priority to CN202110620146.6A priority Critical patent/CN113326482B/en
Publication of CN113326482A publication Critical patent/CN113326482A/en
Application granted granted Critical
Publication of CN113326482B publication Critical patent/CN113326482B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/105 Arrangements for software license management or administration, e.g. for managing licenses at corporate level
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an authorization control method comprising: receiving an authorization request sent by a client based on an application file, and obtaining an application ciphertext, first signature information and a first public key from the application file; verifying the first signature information based on the first public key; decrypting the application ciphertext based on a second private key to obtain a device identifier of the client, and generating corresponding device information based on the device identifier; associating authorization configuration information with the device information to generate an authorization file, and sending the authorization file to the client so that the client activates an application program based on the authorization file; and periodically obtaining the actual running duration of the client and judging whether it exceeds the predetermined running duration of the application program, so as to determine whether the authorization of the application program has expired. The invention also discloses a corresponding authorization method, an authorization device and a computing device. The authorization scheme of the invention can be used in an intranet environment and can prevent the leakage and reuse of authorization information.

Description

Authorization control method, authorization method, device and computing equipment
The present application is a divisional application of patent application 2021103106648, filed on 2021.03.24.
Technical Field
The present invention relates to the field of application program authorization technologies, and in particular, to an authorization control method, an authorization device, and a computing device.
Background
With the development of Linux, a Linux desktop system is widely applied to various industries. Currently, domestic operating systems use Linux kernels, and installing software on domestic operating systems is typically performed in several ways, namely, based on source code compilation installation, based on offline packages (e.g., deb, rpm, etc.), based on software warehouse package manager (e.g., apt, yum, pacman, zypper, etc.), and based on application stores. The first two installation modes need to have a certain technical foundation, and can solve the problem of dependence of software packages. Application store-based installations are typically performed through command lines, the most convenient way to install for an average user.
At present, the fields applied by domestic operating systems include special fields, such as public security fields, financial fields and the like, and the network environment of the special fields is usually a private network isolated from the internet and is in an offline environment which cannot access the internet. Software warehouses and application stores provided by domestic operating systems are typically required to be accessible over the internet. Therefore, software warehouses and application stores deployed on the internet cannot provide services for such users.
In the prior art, software activation and authorization schemes are realized based on an authorization server of an internet environment, local hardware information is uploaded to the authorization server through the internet in the activation and operation process of the software, and the authorization server judges the operation condition of the software through matching records and makes authorization decisions. The authorization scheme can be realized only based on an internet environment, and some enterprise intranet environments cannot access the internet and are in an offline environment.
For this reason, an authorization control method that can be used in an offline environment is needed to solve the problems in the above technical solutions.
Disclosure of Invention
Accordingly, the present invention provides an authorization control method, an authorization device, and a computing device to solve or at least alleviate the above-mentioned problems.
According to one aspect of the invention, an authorization control method is provided, executed in a server. The method comprises: receiving an authorization request for an application program sent by a client based on an application file, and obtaining an application ciphertext, first signature information and a first public key from the application file; verifying the first signature information based on the first public key; if the first signature information passes verification, decrypting the application ciphertext based on a second private key to obtain a device identifier of the client, and generating corresponding device information based on the device identifier; associating authorization configuration information with the device information to generate an authorization file, and sending the authorization file to the client so that the client activates the application program based on the authorization file; and periodically obtaining the actual running duration of one or more clients associated with the authorization configuration information, and judging whether the actual running duration exceeds a predetermined running duration of the application program, so as to determine whether the authorization of the application program has expired.
Optionally, in the authorization control method according to the invention, the step of judging whether the actual operation time length exceeds the preset operation time length of the application program comprises the steps of determining the preset operation time length of the application program according to the authorization configuration information in the authorization file, and determining that the authorization of the application program expires if the actual operation time length exceeds the preset operation time length.
Optionally, in the authorization control method according to the invention, the step of regularly acquiring the actual running time of one or more clients associated with the authorization configuration information comprises the steps of recording the running time of the plurality of clients when the authorization configuration information is associated with the plurality of clients, generating a time record, and regularly inquiring the time record to acquire the actual running time of the plurality of clients.
Optionally, in the authorization control method according to the invention, the step of regularly acquiring the actual running time of one or more clients associated with the authorization configuration information comprises the steps of counting the running time of one client when the authorization configuration information is associated with the client, and regularly acquiring a counting value to acquire the actual running time of the client.
Optionally, in the authorization control method according to the invention, the authorization configuration information comprises a predetermined running time and an authorization expiration time of the application program, and the step of determining whether the authorization of the application program expires further comprises judging whether the current use time exceeds the authorization expiration time of the application program, and if the current use time exceeds the authorization expiration time, determining that the authorization of the application program expires.
Optionally, in the authorization control method, the step of generating the authorization file comprises the steps of associating the authorization configuration information with the equipment information to generate authorization information, encrypting the authorization information based on a first public key to generate an authorization ciphertext, signing the authorization ciphertext based on a second private key to generate second signature information, and generating the authorization file based on the authorization ciphertext, the second signature information and the second public key.
Optionally, in the authorization control method according to the invention, the step of obtaining the application ciphertext, the first signature information and the first public key from the application file comprises the steps of decoding the application file based on a decoding method to obtain character string information, and obtaining the application ciphertext, the first signature information and the first public key from the character string information.
According to one aspect of the invention, an authorization method is provided, executed on a client. The method comprises: obtaining device information of the client and generating a corresponding device identifier based on the device information; encrypting the device identifier based on a second public key to generate an application ciphertext; generating a matched first private key and first public key, and signing the application ciphertext based on the first private key to generate first signature information; generating an application file based on the application ciphertext, the first signature information and the first public key, and sending an authorization request for an application program to a server based on the application file to obtain the authorization file generated by the server; and obtaining authorization information based on the authorization file, so as to activate the application program based on the authorization information.
Optionally, in the authorization method according to the invention, the step of acquiring the authorization information based on the authorization file comprises the steps of acquiring an authorization ciphertext, second signature information and a second public key from the authorization file, verifying the second signature information based on the second public key, and decrypting the authorization ciphertext based on the first private key to obtain the authorization information if the second signature information passes verification.
According to one aspect of the invention, an authorization device is provided, which resides in a client and comprises an acquisition module, an encryption module, a request module and a decryption module. The acquisition module is adapted to acquire device information of the client and generate a corresponding device identifier based on the device information. The encryption module is adapted to encrypt the device identifier based on a second public key matched with a second private key to generate an application ciphertext, to generate a matched first private key and first public key, and to sign the application ciphertext based on the first private key to generate first signature information. The request module is adapted to generate an application file based on the application ciphertext, the first signature information and the first public key, and to send an authorization request for an application program to a server based on the application file so as to acquire an authorization file. The decryption module is adapted to acquire authorization information based on the authorization file, so as to activate the application program based on the authorization information.
According to one aspect of the invention there is provided a computing device comprising at least one processor, a memory storing program instructions, wherein the program instructions are configured to be adapted to be executed by the at least one processor, the program instructions comprising instructions for performing the method as described above.
According to one aspect of the present invention, there is provided a readable storage medium storing program instructions that, when read and executed by a computing device, cause the computing device to perform the method as described above.
According to the technical solution of the invention, an authorization control method applicable to an intranet environment is provided. The client digitally signs and encrypts while generating the application file from its device information, and the server generates the corresponding authorization file and returns it to the client only after the application file has been successfully signature-verified and decrypted and the device information has been successfully matched. The server likewise digitally signs and encrypts while generating the authorization file, and after obtaining the authorization file the client must successfully verify and decrypt it before it can obtain the authorization information provided by the server and, based on that information, obtain authorization of the application program. This prevents the leakage and reuse of the authorization information and avoids theft of the authorization information and tampering with the authorization configuration information, so that the copyright of the application program is effectively protected.
Further, the invention records the running time of the service by periodically incrementing a stored field, which prevents a user from extending the authorization expiration time by modifying the system time, thereby ensuring the security and reliability of the authorization service.
The foregoing is only an overview of the technical solution of the present invention. It is given so that the technical means of the invention can be understood more clearly and implemented in accordance with the description, and so that the above and other objects, features and advantages of the invention become more readily apparent.
Drawings
To the accomplishment of the foregoing and related ends, certain illustrative aspects are described herein in connection with the following description and the annexed drawings, which set forth the various ways in which the principles disclosed herein may be practiced, and all aspects and equivalents thereof are intended to fall within the scope of the claimed subject matter. The above, as well as additional objects, features, and advantages of the present disclosure will become more apparent from the following detailed description when read in conjunction with the accompanying drawings. Like reference numerals generally refer to like parts or elements throughout the present disclosure.
FIG. 1 illustrates a schematic diagram of an application authorization system 100 according to one embodiment of the invention;
FIG. 2 shows a schematic diagram of a computing device 200 according to one embodiment of the invention;
FIG. 3 illustrates a flow chart of an authorization control method 300 according to one embodiment of the invention;
FIG. 4 shows a flow chart of an authorization method 400 according to one embodiment of the invention; and
FIG. 5 shows a schematic diagram of an authorization device 160 according to one embodiment of the invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
FIG. 1 shows a schematic diagram of an application authorization system 100 according to one embodiment of the invention.
As shown in fig. 1, the application authorization system 100 includes one or more clients 110 and servers 120 for applications. It should be noted that the application authorization system 100 of the present invention is in an offline environment without accessing the internet, where the client 110 and the server 120 are not connected to the internet, and the client 110 and the server 120 in the system 100 are connected based on intranet communication.
The client 110, i.e. a terminal device used by a user and suitable for installing an application program and requiring to obtain the use authority of the application program, may specifically be a personal computer such as a desktop computer, a notebook computer, or may be a mobile phone, a tablet computer, a multimedia device, an intelligent wearable device, or the like, but is not limited thereto.
The server 120 is used to control the authorization of applications installed in the client 110. The system can be realized as a computing device such as a desktop computer, a notebook computer, a processor chip, a mobile phone, a tablet computer and the like, and can also be realized as a system consisting of a plurality of computing devices.
In one embodiment, an application to be authorized resides in the client 110 together with an authorization device 160 corresponding to the application, and the authorization device 160 activates the application so as to obtain authorization of the application. Specifically, the authorization device 160 may generate the application file and send an authorization request for the application program to the server 120 based on the application file. After the information in the application file of the client 110 passes verification, the server 120 may generate an authorization file associated with the device information of the client 110 and return it to the client 110. The authorization device 160 in the client 110 may then activate the local application based on the authorization file and thereby obtain authorization for the application.
According to an embodiment of the present invention, the client 110 signs and encrypts the application information in the process of generating the application file. Accordingly, after the server 120 obtains the application file of the client 110, it generates the authorization file for the client only after the application file has been successfully signature-verified and decrypted. In addition, the server 120 signs and encrypts the authorization information in the process of generating the authorization file, and after the client 110 obtains the authorization file from the server 120, it can obtain the authorization information provided by the server 120 only after the authorization file has been successfully signature-verified and decrypted, so that authorization of the application program is obtained based on the authorization information.
In one embodiment, respective key pairs may be generated and provided in the client 110, the server 120, respectively. Wherein the client 110 is locally adapted to generate and provide a first key pair comprising a first private key and a first public key that match each other. The server 120 is locally adapted to generate and provide a second key pair comprising a second private key and a second public key that match each other. The client 110 and the server 120 encrypt and sign the application information and the authorization information based on the corresponding keys, respectively.
In one embodiment, the server 120 of the present invention is adapted to execute the authorization control method 300, and the server 120 processes the authorization request of the client 110 for the application by executing the authorization control method 300, so as to control the client 110 to obtain the authorization of the application. The authorization control method 300 of the present invention will be described in detail below.
In one embodiment, the client 110 in the present invention is adapted to perform the authorization method 400, and the client 110 sends an authorization request by performing the authorization method 400 to request to obtain an authorization file provided by the server 120, and obtains authorization of the application program based on the authorization file. The authorization method 400 of the present invention will also be described in detail below.
In one embodiment, the server 120 and the client 110 of the present invention may be implemented as a computing device, respectively, so that the authorization control method 300 and the authorization method 400 of the present invention may be executed in the computing device.
FIG. 2 illustrates a block diagram of a computing device 200 according to one embodiment of the invention. As shown in FIG. 2, in a basic configuration 202, computing device 200 typically includes a system memory 206 and one or more processors 204. A memory bus 208 may be used for communication between the processor 204 and the system memory 206.
Depending on the desired configuration, processor 204 may be any type of processor including, but not limited to, a microprocessor (µP), a microcontroller (µC), a digital signal processor (DSP), or any combination thereof. Processor 204 may include one or more levels of cache, such as a first level cache 210 and a second level cache 212, a processor core 214, and registers 216. The example processor core 214 may include an Arithmetic Logic Unit (ALU), a Floating Point Unit (FPU), a digital signal processing core (DSP core), or any combination thereof. The example memory controller 218 may be used with the processor 204, or in some implementations, the memory controller 218 may be an internal part of the processor 204.
Depending on the desired configuration, system memory 206 may be any type of memory including, but not limited to, volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. The system memory 206 may include an operating system 220, one or more applications 222, and program data 224. The application 222 is in effect a plurality of program instructions for instructing the processor 204 to perform a corresponding operation. In some implementations, the application 222 can be arranged to cause the processor 204 to operate with the program data 224 on an operating system.
Computing device 200 also includes storage device 232, storage device 232 including removable storage 236 and non-removable storage 238.
Computing device 200 may also include a storage interface bus 234. Storage interface bus 234 enables communication from storage devices 232 (e.g., removable storage 236 and non-removable storage 238) to base configuration 202 via bus/interface controller 230. At least a portion of the operating system 220, applications 222, and data 224 may be stored on removable storage 236 and/or non-removable storage 238 and loaded into the system memory 206 via the storage interface bus 234 and executed by the one or more processors 204 when the computing device 200 is powered up or the application 222 is to be executed.
Computing device 200 may also include an interface bus 240 that facilitates communication from various interface devices (e.g., output devices 242, peripheral interfaces 244, and communication devices 246) to basic configuration 202 via bus/interface controller 230. The example output device 242 includes a graphics processing unit 248 and an audio processing unit 250. They may be configured to facilitate communication with various external devices, such as a display or speakers, via one or more A/V ports 252. The example peripheral interface 244 may include a serial interface controller 254 and a parallel interface controller 256, which may be configured to facilitate communication via one or more I/O ports 258 with external devices such as input devices (e.g., keyboard, mouse, pen, voice input device, touch input device) or other peripherals (e.g., printer, scanner, etc.). The example communication device 246 may include a network controller 260 that may be arranged to facilitate communication with one or more other computing devices 262 over a network communication link via one or more communication ports 264.
The network communication link may be one example of a communication medium. Communication media may typically be embodied by computer readable instructions, data structures, program modules, and may include any information delivery media in a modulated data signal, such as a carrier wave or other transport mechanism. A "modulated data signal" may be a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of non-limiting example, communication media may include wired media such as a wired network or special purpose network, and wireless media such as acoustic, radio frequency (RF), microwave, infrared (IR) or other wireless media. The term computer readable media as used herein may include both storage media and communication media.
In the computing device 200 according to the invention, the application 222 comprises a plurality of program instructions for executing the authorization control method 300 or the authorization method 400, which may instruct the processor 204 to execute the authorization control method 300 or the authorization method 400 of the invention, respectively. It should be noted that the computing device 200 may perform the authorization control method 300 of the present invention when acting as a server, and may perform the authorization method 400 of the present invention when acting as a client.
Fig. 3 shows a flow chart of an authorization control method 300 according to one embodiment of the invention. The method 300 is suitable for execution in a server 120 (e.g., the aforementioned computing device 200).
As shown in fig. 3, the method 300 begins at step S310.
In step S310, the server receives the authorization request for the application program that the authorization device of the client 110 sent based on the application file, and obtains the application ciphertext, the first signature information, and the first public key from the application file.
It should be noted that, before the authorization device of the client 110 sends the authorization request, an application file is generated based on the device information. Specifically, the authorization device obtains the device information of the client 110, and generates the corresponding device identifier by serializing the device information. Here, the device information of the client 110 includes, for example, a MAC address of an upper gateway, hardware information in the dmi module, and the like, but is not limited thereto. Then, the device identifier is encrypted based on a second public key (a certificate provided by the server and built into the application program), which produces the application ciphertext. Next, a matched first private key and first public key are generated, and a signature over the application ciphertext is computed based on the first private key and the signature algorithm SHA, that is, the application ciphertext is signed to generate the first signature information. Finally, the application file is generated based on the application ciphertext, the first signature information and the first public key. In one embodiment, when the authorization device of the client 110 generates the application file, the application ciphertext, the first signature information and the first public key are serialized to obtain character string information, and an encoding method is then invoked to encode the character string information into binary data, generating a binary application file. In this way, the client 110 may send a binary application file to the server 120 to request authorization for the application.
According to one embodiment, based on the binary application file sent by the client 110, in step S310, when the server 120 obtains the data in the application file, a decoding method is required to be called, the application file is decoded based on the decoding method to obtain the character string information, and then the application ciphertext, the first signature information and the first public key are obtained from the character string information.
Subsequently, in step S320, the first signature information is verified based on the first public key provided by the client. If verification of the first signature information fails, this indicates that the application information provided by the client has been tampered with, and no authorization file is provided to the client, which avoids the leakage and reuse of the authorization information. If the first signature information passes verification, step S330 is performed.
In step S330, the application ciphertext is decrypted based on the second private key local to the server to obtain the corresponding plaintext. The plaintext is the device identifier that the client produced by serializing its device information, and decoding the device identifier yields the device information as it was before serialization.
After generating the device information, the server 120 determines whether the device information obtained based on the application file of the client matches information stored locally by the server, and if not, it indicates that the client attempts to misappropriate the authorization information, and does not return the authorization file to the client. Thus, theft of the authorization information is avoided.
If the device information matching is successful, step S340 is performed.
In step S340, the authorization configuration information is associated with the device information of the client 110, and an authorization file is generated based on the associated authorization configuration information and device information. Here, the authorization configuration information is configuration information related to the authorization of the application. By establishing an association between the authorization configuration information and the device information of the client 110, the authorization configuration information is bound to the client, so that the client 110 can activate its local application program based on the matched authorization configuration information, and obtain the authorization of the application program.
According to one embodiment, when generating an authorization file based on authorization configuration information and device information, the authorization configuration information is first associated with the device information to obtain authorization information, and the authorization information is then encrypted and signed. Specifically, the authorization information is encrypted based on the first public key provided by the client to generate an authorization ciphertext. The authorization ciphertext is signed based on the second private key local to the server to generate second signature information. An authorization file is generated based on the authorization ciphertext, the second signature information, and the second public key. Here, the binary authorization file is likewise generated by serializing the authorization ciphertext, the second signature information, and the second public key and then encoding the result.
Subsequently, in step S350, the authorization file is transmitted to the client 110, so that the client 110 activates the application based on the authorization file.
Here, because the authorization file is generated by the server 120 by encrypting and signing the authorization information, the client 110 must verify and decrypt the authorization file after acquiring it before it can obtain the authorization information. Specifically, after decoding the binary authorization file, the authorization device in the client 110 obtains the authorization ciphertext, the second signature information and the second public key from the authorization file, verifies the second signature information based on the second public key, and decrypts the authorization ciphertext based on the first private key local to the client 110 to obtain the authorization information (plaintext); the application can then be activated based on the authorization information, thereby obtaining the authorization of the application.
According to an embodiment of the present invention, each set of authorization configuration information for application authorization may be associated with device information of one or more clients 110, respectively, so that authorization files corresponding to the plurality of clients 110, respectively, may be generated based on one set of authorization configuration information. In this way, one copy of the authorization configuration information may be used for authorization of the application by the plurality of clients 110.
It should be noted that the authorization configuration information includes, but is not limited to, a predetermined running duration of the application program, an authorization deadline, and a maximum number of devices. In an embodiment according to the present invention, the total running duration of the one or more clients 110 associated with the authorization configuration information cannot exceed the predetermined running duration.
According to one embodiment, during the running of the authorized application by the client 110, the server 120 also performs step S360.
In step S360, the actual running duration of the one or more clients associated with the authorization configuration information (i.e., the clients whose application authorization is based on the same authorization configuration information) is acquired periodically, and it is determined whether the acquired actual running duration exceeds the predetermined running duration of the application, so as to determine whether the authorization service of the application has expired. Specifically, the predetermined running duration of the application program is determined from the authorization configuration information in the authorization file, and it is determined whether the actual running duration of the one or more clients corresponding to the authorization configuration information exceeds the predetermined running duration. When the total running duration exceeds the predetermined running duration, the authorization service of the application program is determined to have expired, that is, the authorization of the application program in the client 110 associated with the authorization configuration information has expired. Here, the actual running duration refers to the current total running duration of the one or more clients. Upon determining that the application authorization has expired, the server may generate a message indicating that the application has expired and send the message to the client 110 to notify the user that the authorization service has expired.
According to one embodiment, the actual running duration of the application program on the one or more clients 110 associated with the authorization configuration information is acquired periodically. Specifically, the running duration of the service may be recorded by periodically incrementing a stored field; if the actual running duration exceeds the configured predetermined running duration, the authorization service of the application program is determined to have expired and the service is stopped. Because this does not rely on the system time, it prevents a user from extending the authorization expiration time by modifying the system time.
In one embodiment, when the authorization configuration information is associated with a plurality of clients, a data storage device supporting cron is used to record the running durations of the plurality of clients and generate a duration record. In this way, the server 120 can obtain the actual running duration of the application program on the plurality of clients by periodically querying the duration record. Whether the authorization service of the application has expired is determined by comparing the actual running durations of the plurality of clients with the predetermined running duration in the authorization configuration information.
In yet another embodiment, when the authorization configuration information is associated with one client, timing statistics are kept for the running time of that client. For example, a timer is arranged in the client 110 to keep timing statistics for the running of the application program, and after the timer interrupt, the timing statistic is incremented. The server 120 periodically obtains the timing statistic for the running of the application program in the client 110 through the asynchronous detection module, that is, it periodically queries the running time of the application program, and thereby acquires the actual running duration of the client. Whether the authorization service of the application has expired is determined by comparing the actual running duration of the client with the predetermined running duration in the authorization configuration information.
According to one embodiment, the present invention may also perform the following checks in parallel to determine whether an application authorization has expired:
The authorization expiration time of the application program is determined from the authorization configuration information, and it is judged whether the current usage time exceeds the authorization expiration time of the application program; if so, the authorization of the application program is determined to have expired. A message may then be generated to notify the user that the application has expired. In addition, the maximum number of devices can be determined from the authorization configuration information, and it is judged whether the number of currently authorized clients exceeds the maximum number of devices; if so, the authorization service for the application program is stopped.
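The expiry checks of step S360 together with the parallel deadline and device-count checks, as an added Go example (not the patent's code). The `Ledger` type, its method names and the rule that a lower reported value never reduces the stored figure are assumptions of this example, and the client values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// Config holds the three limits the page lists for authorization configuration.
type Config struct {
	RunLimit   time.Duration // predetermined running duration, shared by all clients
	Deadline   time.Time     // authorization deadline (wall clock)
	MaxDevices int           // maximum number of devices
}

// Ledger is the server-side duration record for one set of configuration.
type Ledger struct {
	mu   sync.Mutex
	cfg  Config
	used map[string]time.Duration // highest running time reported per client
}

func NewLedger(cfg Config) *Ledger {
	return &Ledger{cfg: cfg, used: map[string]time.Duration{}}
}

// Report stores a polled timing statistic. A value lower than one already
// recorded (for example a counter reset on the client) never reduces the figure.
func (l *Ledger) Report(client string, ran time.Duration) error {
	l.mu.Lock()
	defer l.mu.Unlock()
	prev, seen := l.used[client]
	if !seen && len(l.used) >= l.cfg.MaxDevices {
		return errors.New("maximum number of devices reached")
	}
	if !seen || ran > prev {
		l.used[client] = ran
	}
	return nil
}

// Total is the actual running duration summed over all associated clients.
func (l *Ledger) Total() time.Duration {
	l.mu.Lock()
	defer l.mu.Unlock()
	var sum time.Duration
	for _, d := range l.used {
		sum += d
	}
	return sum
}

// Expired runs both checks and names the one that ended the authorization.
// Only the deadline check depends on the clock value passed in as now.
func (l *Ledger) Expired(now time.Time) (bool, string) {
	if l.Total() > l.cfg.RunLimit {
		return true, "running duration exceeded"
	}
	if now.After(l.cfg.Deadline) {
		return true, "deadline passed"
	}
	return false, ""
}

func main() {
	deadline := time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC)
	l := NewLedger(Config{RunLimit: 10 * time.Hour, Deadline: deadline, MaxDevices: 2})
	rolledBack := deadline.AddDate(-5, 0, 0) // a clock set five years back
	l.Report("client-a", 4*time.Hour)
	l.Report("client-b", 5*time.Hour)
	l.Report("client-a", 2*time.Hour) // lower than before: ignored
	fmt.Println(l.Total(), l.Report("client-c", time.Hour))
	l.Report("client-b", 7*time.Hour)
	fmt.Println(l.Expired(rolledBack))
}
```

With the clock rolled back the deadline check stays silent, while the pooled counter still reports expiry once the two clients together pass the limit.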
Fig. 4 shows a flow chart of an authorization method 400 according to one embodiment of the invention. The method 400 is suitable for execution in a client 110 (e.g., the aforementioned computing device 200).
Specifically, the application program to be authorized resides in the client 110, together with the authorization device 160 corresponding to that application program. The authorization device 160 is adapted to execute the authorization method 400 of the present invention; executing the method activates the application program in the client 110 and obtains the authorization of the application program.
As shown in fig. 4, the method 400 begins at step S410.
In step S410, device information of the client 110 is acquired, and a corresponding device identifier is generated by serializing the device information. Here, the device information of the client 110 includes, for example, the MAC address of the upper-level gateway, hardware information in the DMI module, and the like, but is not limited thereto.
Subsequently, in step S420, the device identifier is encrypted based on the second public key (a certificate provided by the server and built into the application program) to generate the application ciphertext. It should be noted that the second public key and the second private key are a key pair provided by the server 120, and the second public key matches the second private key.
Subsequently, in step S430, a matching first private key and first public key are generated, and the application ciphertext is signed based on the first private key and the signature algorithm SHA to generate first signature information.
Subsequently, in step S440, an application file is generated based on the application ciphertext, the first signature information, and the first public key. In one embodiment, when the client generates the application file, the application ciphertext, the first signature information and the first public key are serialized to obtain character string information. An encoding method is then called to encode the character string information into binary data to generate a binary application file. After the application file is generated, step S450 may be performed to request authorization of the application program.
In step S450, an authorization request for the application program is transmitted to the server 120 based on the application file, to request an authorization file generated by the server 120 based on the authorization configuration information and the device information. The specific method by which the server 120 generates the authorization file based on the authorization configuration information and the device information is described in the foregoing method 300 and is not repeated here.
Finally, in step S460, the authorization information is acquired based on the authorization file, so that the application program is activated based on the authorization information, and the authorization of the application program is obtained.
As described above, the authorization file is generated by the server 120 by encrypting and signing the authorization information. The client 110 must therefore verify and decrypt the authorization file after acquiring it before it can obtain the authorization information. Specifically, after decoding the binary authorization file, the authorization device in the client 110 obtains the authorization ciphertext, the second signature information and the second public key from the authorization file and verifies the second signature information based on the second public key. If the second signature information passes verification, it decrypts the authorization ciphertext based on the first private key local to the client 110 to obtain the authorization information (plaintext), and can activate the application program based on the authorization information to obtain the authorization of the application program. Here, after the authorization information is decrypted, the device information in the authorization information is also matched against the actual device information local to the client 110, and if the match succeeds, the authorization of the application program can be obtained based on the authorization information. If the match fails, this indicates that the authorization information may have been leaked and reused, and the client 110 cannot obtain authorization for the application.
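The exchange of methods 300 and 400 end to end, as an added Go example (not code from the patent). RSA-OAEP for encryption, RSA-PSS over SHA-256 for the signature, JSON as the file format, and all type and function names are assumptions; the patent names only "SHA" and an unspecified encoding method. The client here also compares the second public key carried in the authorization file with the copy built into the application before trusting the signature.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
)

// envelope is the layout assumed for both files; PublicKey is PKIX DER.
type envelope struct{ Ciphertext, Signature, PublicKey []byte }

// authInfo is authorization configuration bound to one device identifier.
type authInfo struct{ Device string; RunHours int }

func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// seal encrypts plain to the recipient, signs the ciphertext with the sender's
// private key and serializes ciphertext, signature and sender public key.
func seal(plain []byte, to *rsa.PublicKey, from *rsa.PrivateKey) ([]byte, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, plain, nil) // max 190 bytes
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, from, crypto.SHA256, sum[:], nil)
	if err != nil {
		return nil, err
	}
	pub, _ := x509.MarshalPKIXPublicKey(&from.PublicKey) // cannot fail for an RSA key
	return json.Marshal(envelope{ct, sig, pub})
}

// open parses a file, verifies the signature with the embedded public key and
// decrypts. A non-nil pinned key must equal the embedded one.
func open(file []byte, priv *rsa.PrivateKey, pinned *rsa.PublicKey) ([]byte, *rsa.PublicKey, error) {
	var env envelope
	if err := json.Unmarshal(file, &env); err != nil {
		return nil, nil, err
	}
	key, _ := x509.ParsePKIXPublicKey(env.PublicKey)
	sender, ok := key.(*rsa.PublicKey)
	if !ok || (pinned != nil && !pinned.Equal(sender)) {
		return nil, nil, errors.New("missing, non-RSA or unexpected public key")
	}
	sum := sha256.Sum256(env.Ciphertext)
	if rsa.VerifyPSS(sender, crypto.SHA256, sum[:], env.Signature, nil) != nil {
		return nil, nil, errors.New("signature verification failed")
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.Ciphertext, nil)
	return plain, sender, err
}

// issue is the server side (S310-S350): verify, decrypt, match device, bind, seal.
func issue(appFile []byte, serverKey *rsa.PrivateKey, known map[string]bool, cfg authInfo) ([]byte, error) {
	dev, clientPub, err := open(appFile, serverKey, nil)
	if err == nil && !known[string(dev)] {
		err = errors.New("device information does not match server records")
	}
	if err != nil {
		return nil, err
	}
	cfg.Device = string(dev)
	info, _ := json.Marshal(cfg) // cannot fail for this struct
	return seal(info, clientPub, serverKey)
}

// activate is the client side (S460): verify against the built-in second public
// key, decrypt with the first private key, then match the bound device locally.
func activate(authFile []byte, clientKey *rsa.PrivateKey, builtin *rsa.PublicKey, localDev string) (authInfo, error) {
	var info authInfo
	plain, _, err := open(authFile, clientKey, builtin)
	if err == nil {
		err = json.Unmarshal(plain, &info)
	}
	if err == nil && info.Device != localDev {
		info, err = authInfo{}, errors.New("authorization is bound to a different device")
	}
	return info, err
}

func main() {
	server, client, dev := mustKey(), mustKey(), "gw-mac=02:00:00:00:00:01|dmi=CONSTRUCTED-0001"
	app, _ := seal([]byte(dev), &server.PublicKey, client) // application file (S410-S440)
	auth, _ := issue(app, server, map[string]bool{dev: true}, authInfo{RunHours: 720})
	info, err := activate(auth, client, &server.PublicKey, dev)
	_, errCopy := activate(auth, client, &server.PublicKey, "another-device")
	fmt.Println("activated:", info, err, "| copied to another device:", errCopy)
}
```

Because the application file carries the first public key next to the signature it verifies, that signature shows only that the file was not altered after signing; what ties the request to a machine is the server-side device match.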
Fig. 5 shows a flow chart of an authorization device 160 according to one embodiment of the invention.
As shown in fig. 5, the authorization device 160 includes an acquisition module 161, an encryption module 162, and a request module 163 that are sequentially connected. The acquisition module 161 is adapted to obtain device information of the client and generate a corresponding device identifier based on the device information. The encryption module 162 is adapted to encrypt the device identifier based on a second public key that matches the second private key to generate an application ciphertext, generate a matching first private key and first public key, and sign the application ciphertext based on the first private key to generate first signature information. The request module 163 is adapted to generate an application file based on the application ciphertext, the first signature information, and the first public key, and to send an authorization request for the application program to the server based on the application file to obtain the authorization file. The decryption module 164 is adapted to obtain authorization information based on the authorization file, so as to activate the application based on the authorization information and obtain authorization of the application.
It should be noted that the acquisition module 161 is used for executing the method in step S410 of the authorization method 400, the encryption module 162 is used for executing the method in steps S420-S440 of the authorization method 400, the request module 163 is used for executing the method in step S450 of the authorization method 400, and the decryption module 164 is used for executing the method in step S460 of the authorization method 400. Here, specific execution logic of the acquiring module 161, the encrypting module 162, the requesting module 163, and the decrypting module 164 will not be described in detail.
In summary, according to the authorization scheme of the invention, the client applies a digital signature and encryption when generating the application file based on the device information, and the server generates the corresponding authorization file and returns it to the client only after the application file has been successfully verified and decrypted and the device information has been successfully matched. In addition, the server also applies a digital signature and encryption when generating the authorization file, and after the client acquires the authorization file, it must successfully verify and decrypt the authorization file before it can obtain the authorization information provided by the server and thereby obtain the authorization of the application program based on that information. Thus, leakage and reuse of the authorization information can be prevented, and theft of the authorization information and tampering with the authorization configuration information are avoided. In addition, the invention records the running duration of the service by periodically incrementing a stored field, which prevents a user from extending the authorization expiration time by modifying the system time, thereby ensuring the security and reliability of the authorization service.
The various techniques described herein may be implemented in connection with hardware or an application or a combination of both. Thus, the methods and apparatus of the present invention, or certain aspects or portions of the methods and apparatus of the present invention, may take the form of program code (i.e., instructions) embodied in tangible media, such as removable hard drives, U-drives, floppy diskettes, CD-ROMs, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.
In the case of program code execution on programmable computers, the mobile terminal will generally include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code and the processor is configured to execute the application authorization method of the invention in accordance with instructions in said program code stored in the memory.
By way of example, and not limitation, readable media comprise readable storage media and communication media. The readable storage medium stores information such as computer readable instructions, data structures, program modules, or other data. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. Combinations of any of the above are also included within the scope of readable media.
In the description provided herein, algorithms and displays are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with examples of the invention. The required structure for a construction of such a system is apparent from the description above. In addition, the present invention is not directed to any particular programming language. It will be appreciated that the teachings of the present invention described herein may be implemented in a variety of programming languages, and the above description of specific languages is provided for disclosure of enablement and best mode of the present invention.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules or units or components of the devices in the examples disclosed herein may be arranged in a device as described in this embodiment, or alternatively may be located in one or more devices different from the devices in this example. The modules in the foregoing examples may be combined into one module or may be further divided into a plurality of sub-modules.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component and, furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
Furthermore, some of the embodiments are described herein as methods or combinations of method elements that may be implemented by a processor of a computer system or by other means of performing the functions. Thus, a processor with the necessary instructions for implementing the described method or method element forms a means for implementing the method or method element. Furthermore, the elements of the apparatus embodiments described herein are examples of apparatus for performing the functions performed by the elements for the purpose of practicing the invention.
As used herein, unless otherwise specified the use of the ordinal terms "first," "second," "third," etc., to describe a general object merely denote different instances of like objects, and are not intended to imply that the objects so described must have a given order, either temporally, spatially, in ranking, or in any other manner.
While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of the above description, will appreciate that other embodiments are contemplated within the scope of the invention as described herein. Furthermore, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. The disclosure of the present invention is intended to be illustrative, but not limiting, of the scope of the invention, which is defined by the appended claims.

Claims (9)

1. An authorization control method performed in a server, the server being in intranet-based communication connection with a client, wherein the client is adapted to generate and provide a first key pair comprising a first private key and a first public key that match each other, the server being adapted to generate and provide a second key pair comprising a second private key and a second public key that match each other, the method comprising:
receiving an authorization request for an application program sent by a client based on an application file, calling a decoding method to decode the application file to obtain character string information, and acquiring an application ciphertext, first signature information and a first public key from the character string information;
verifying the first signature information based on the first public key;
if the first signature information passes verification, decrypting the application ciphertext based on the second private key to obtain a device identifier of the client, and generating corresponding device information based on the device identifier;
establishing an association between authorization configuration information and the device information to generate authorization information, encrypting the authorization information based on the first public key to generate an authorization ciphertext, signing the authorization ciphertext based on the second private key to generate second signature information, and generating an authorization file based on the authorization ciphertext, the second signature information and the second public key;
transmitting the authorization file to the client, so that the client obtains the authorization ciphertext, the second signature information and the second public key based on the authorization file, verifies the second signature information based on the second public key, decrypts the authorization ciphertext based on the first private key if the second signature information passes verification to obtain the authorization information, and activates the application based on the authorization information; and
periodically acquiring actual running durations of one or more clients associated with the authorization configuration information, determining a predetermined running duration of the application program according to the authorization configuration information, and judging whether the actual running duration exceeds the predetermined running duration of the application program, so as to determine whether the application program authorization has expired.
2. The method of claim 1, wherein the step of determining whether the actual running duration exceeds the predetermined running duration of the application program comprises:
if it is determined that the actual running duration exceeds the predetermined running duration, determining that the application authorization has expired.
3. The method of claim 1, wherein the step of periodically acquiring the actual running durations of the one or more clients associated with the authorization configuration information comprises:
when the authorization configuration information is associated with a plurality of clients, recording the running durations of the clients and generating a duration record;
periodically querying the duration record to acquire the actual running durations of the plurality of clients.
4. The method of claim 1, wherein the step of periodically acquiring the actual running durations of the one or more clients associated with the authorization configuration information comprises:
when the authorization configuration information is associated with one client, keeping timing statistics for the running time of the client;
periodically acquiring the timing statistics to acquire the actual running duration of the client.
5. The method of any of claims 1-4, wherein the authorization configuration information includes a predetermined running duration of the application and an authorization expiration time, and the step of determining whether the application authorization has expired further comprises:
judging whether the current usage time exceeds the authorization expiration time of the application program, and if so, determining that the authorization of the application program has expired.
6. An authorization method performed at a client, the client being in an intranet-based communication connection with a server, wherein the client is adapted to generate and provide a first key pair comprising a first private key and a first public key that match each other, the server being adapted to generate and provide a second key pair comprising a second private key and a second public key that match each other, the method comprising the steps of:
acquiring device information of the client, and generating a corresponding device identifier based on the device information;
encrypting the device identifier based on a second public key to generate an application ciphertext, wherein the second public key matches a second private key;
generating a matching first private key and first public key, and signing the application ciphertext based on the first private key to generate first signature information;
generating an application file based on the application ciphertext, the first signature information and the first public key;
sending an authorization request for an application program to a server based on the application file to acquire an authorization file generated by the server, wherein the server is adapted to establish an association between authorization configuration information and the device information to generate authorization information, encrypt the authorization information based on the first public key to generate an authorization ciphertext, sign the authorization ciphertext based on the second private key to generate second signature information, generate the authorization file based on the authorization ciphertext, the second signature information and the second public key, periodically acquire actual running durations of one or more clients associated with the authorization configuration information, determine the predetermined running duration of the application program according to the authorization configuration information, and judge whether the actual running duration exceeds the predetermined running duration of the application program, so as to determine whether the authorization of the application program has expired;
acquiring the authorization ciphertext, the second signature information and the second public key based on the authorization file, verifying the second signature information based on the second public key, and, if the second signature information passes verification, decrypting the authorization ciphertext based on the first private key to obtain the authorization information, so as to activate the application program based on the authorization information.
7. An authorization apparatus residing on a client, the client in an intranet-based communication connection with a server, wherein the client is adapted to generate and provide a first key pair comprising a first private key and a first public key that match each other, the server is adapted to generate and provide a second key pair comprising a second private key and a second public key that match each other, the apparatus comprising:
an acquisition module adapted to acquire the device information of the client and to generate a corresponding device identifier based on the device information;
an encryption module adapted to encrypt the device identifier based on a second public key matching the second private key to generate an application ciphertext, to generate a matching first private key and first public key, and to sign the application ciphertext based on the first private key to generate first signature information;
a request module adapted to generate an application file based on the application ciphertext, the first signature information and the first public key, and to send an authorization request for an application program to a server based on the application file to obtain a server-generated authorization file, wherein the server is adapted to associate authorization configuration information with the device information to generate authorization information, encrypt the authorization information based on the first public key to generate an authorization ciphertext, sign the authorization ciphertext based on a second private key to generate second signature information, and generate an authorization file based on the authorization ciphertext, the second signature information and the second public key, and is further adapted to periodically obtain actual operating durations of one or more clients associated with the authorization configuration information, determine a predetermined operating duration of the application program based on the authorization configuration information, and determine whether the actual operating duration exceeds the predetermined operating duration of the application program, so as to determine whether the application program authorization has expired; and
a decryption module adapted to acquire the authorization ciphertext, the second signature information and the second public key based on the authorization file, to verify the second signature information based on the second public key, and, if the second signature information passes verification, to decrypt the authorization ciphertext based on the first private key to obtain the authorization information, so as to activate the application program based on the authorization information.
8. A computing device, comprising:
at least one processor; and
a memory storing program instructions, wherein the program instructions are configured to be executed by the at least one processor and comprise instructions for performing the method of any of claims 1-5.
9. A readable storage medium storing program instructions which, when read and executed by a computing device, cause the computing device to perform the method of any of claims 1-5.
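The server-side packaging and the client-side verify-then-decrypt step recited in claims 6 and 7, as an added Go example (not code from the patent or its assignee). RSA-OAEP, RSA-PSS, the `AuthFile` layout and the names `Issue`, `Activate` and `newKey` are assumptions, since the claims name no algorithms or formats. The optional comparison of the key carried in the file with the second public key the client already holds is also an addition here; the claims recite only verification with the key taken from the authorization file.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// AuthFile carries the three claimed parts (serialization omitted; layout is an assumption).
type AuthFile struct {
	Cipher, Sig []byte
	ServerPub   *rsa.PublicKey
}

// Issue (server): encrypt info to the first public key, sign the ciphertext with the second private key.
func Issue(info []byte, clientPub *rsa.PublicKey, serverKey *rsa.PrivateKey) (AuthFile, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, clientPub, info, nil)
	if err != nil {
		return AuthFile{}, err
	}
	h := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, serverKey, crypto.SHA256, h[:], nil)
	return AuthFile{ct, sig, &serverKey.PublicKey}, err
}

// Activate (client): optionally pin the embedded key, verify the signature, then decrypt.
func Activate(f AuthFile, clientKey *rsa.PrivateKey, pinned *rsa.PublicKey) ([]byte, error) {
	if f.ServerPub == nil || (pinned != nil && !f.ServerPub.Equal(pinned)) {
		return nil, fmt.Errorf("embedded key is missing or is not the server key this client holds")
	}
	h := sha256.Sum256(f.Cipher)
	if err := rsa.VerifyPSS(f.ServerPub, crypto.SHA256, h[:], f.Sig, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, clientKey, f.Cipher, nil)
}

func newKey() *rsa.PrivateKey { // throwaway 2048-bit demonstration key
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

func main() {
	client, server := newKey(), newKey()
	f, _ := Issue([]byte(`{"device":"constructed-id","hours":720}`), &client.PublicKey, server)
	info, err := Activate(f, client, &server.PublicKey)
	fmt.Println(string(info), err)
}
```

With `pinned` set to nil, a signature that verifies shows only that the file is internally consistent; passing the second public key the client used for the application ciphertext ties the file to that server. RSA-OAEP with a 2048-bit key limits the authorization information to 190 bytes, so larger payloads need a hybrid scheme.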
CN202110620146.6A 2021-03-24 2021-03-24 Authorization control method, authorization method, device and computing device Active CN113326482B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110620146.6A CN113326482B (en) 2021-03-24 2021-03-24 Authorization control method, authorization method, device and computing device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110620146.6A CN113326482B (en) 2021-03-24 2021-03-24 Authorization control method, authorization method, device and computing device
CN202110310664.8A CN112699342B (en) 2021-03-24 2021-03-24 Authorization control method, authorization method, device and computing device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202110310664.8A Division CN112699342B (en) 2021-03-24 2021-03-24 Authorization control method, authorization method, device and computing device

Publications (2)

Publication Number Publication Date
CN113326482A CN113326482A (en) 2021-08-31
CN113326482B true CN113326482B (en) 2025-04-22

Family

ID=75515626

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110620146.6A Active CN113326482B (en) 2021-03-24 2021-03-24 Authorization control method, authorization method, device and computing device
CN202110310664.8A Active CN112699342B (en) 2021-03-24 2021-03-24 Authorization control method, authorization method, device and computing device

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202110310664.8A Active CN112699342B (en) 2021-03-24 2021-03-24 Authorization control method, authorization method, device and computing device

Country Status (1)

Country Link
CN (2) CN113326482B (en)

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113326482B (en) * 2021-03-24 2025-04-22 统信软件技术有限公司 Authorization control method, authorization method, device and computing device
CN113242224B (en) * 2021-04-30 2022-08-30 北京市商汤科技开发有限公司 Authorization method and device, electronic equipment and storage medium
CN113536334A (en) * 2021-06-09 2021-10-22 佛山市青松科技股份有限公司 Authorization verification method, module and system
CN113378119B (en) * 2021-06-25 2023-04-07 成都卫士通信息产业股份有限公司 Software authorization method, device, equipment and storage medium
CN113612744B (en) * 2021-07-23 2023-09-22 天津中新智冠信息技术有限公司 Remote authorization system and method
CN113543123B (en) * 2021-07-23 2024-02-20 闻泰通讯股份有限公司 Method and device for dynamically setting authority of wireless network
CN113672951A (en) * 2021-08-03 2021-11-19 浙江大华技术股份有限公司 A kind of authorization method, apparatus, computer equipment and storage medium
CN113742706A (en) * 2021-09-08 2021-12-03 杭州涂鸦信息技术有限公司 Authorization authentication method, device and medium for application program
CN113779511B (en) * 2021-09-14 2024-06-28 湖南麒麟信安科技股份有限公司 Software authorization method, device, server and readable storage medium
CN113987421A (en) * 2021-11-01 2022-01-28 北京朝歌数码科技股份有限公司 Software authorization method, system and storage medium
CN114357385A (en) * 2021-12-24 2022-04-15 北京鼎普科技股份有限公司 A software protection and authorization method, system and device
CN114465803B (en) * 2022-02-15 2024-03-01 阿里巴巴(中国)有限公司 Object authorization method, device, system and storage medium
CN114186199B (en) * 2022-02-15 2022-06-28 北京安帝科技有限公司 License authorization method and device
CN114925336A (en) * 2022-05-06 2022-08-19 统信软件技术有限公司 Method and system for activating software
CN115086053B (en) * 2022-06-23 2024-08-27 支付宝(杭州)信息技术有限公司 Method and system for identifying camouflaged devices
CN115080928B (en) * 2022-06-30 2024-07-30 北京亚控科技发展有限公司 Application authorization management method and related equipment
CN115374405B (en) * 2022-08-22 2024-02-20 广州鼎甲计算机科技有限公司 Software authorization method, license authorization method, device, equipment and storage medium
CN116545658A (en) * 2022-11-09 2023-08-04 阿里巴巴(中国)有限公司 Method, system and device for confirming authority
CN115795438B (en) * 2022-12-20 2024-10-01 东信和平科技股份有限公司 Method, system and readable storage medium for authorizing application program
CN115859337B (en) * 2023-02-14 2023-05-16 杭州大晚成信息科技有限公司 Kernel-based method, equipment, server and medium for preventing equipment from cracking
CN115964681A (en) * 2023-03-16 2023-04-14 北京艾瑞数智科技有限公司 Generation method of certificate file of target application program
CN117201068B (en) * 2023-07-27 2025-09-09 山东浪潮爱购云链信息科技有限公司 RSA-based encryption transmission method, device and medium
CN117077111A (en) * 2023-08-08 2023-11-17 中移互联网有限公司 Authorization method, device, system, equipment and storage medium
CN118779849B (en) * 2024-09-10 2025-01-14 深圳拓安信物联股份有限公司 Software authorization method, system and readable storage medium
CN120296771B (en) * 2025-06-10 2025-09-12 山东英信计算机技术有限公司 Function authorization method, electronic device, program product and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112699342B (en) * 2021-03-24 2021-07-16 统信软件技术有限公司 Authorization control method, authorization method, device and computing device

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10846694B2 (en) * 2014-05-21 2020-11-24 Visa International Service Association Offline authentication
US9673975B1 (en) * 2015-06-26 2017-06-06 EMC IP Holding Company LLC Cryptographic key splitting for offline and online data protection
CN110968844B (en) * 2019-12-02 2021-12-17 卫盈联信息技术(深圳)有限公司 Software authorization method in off-line state, server and readable storage medium
CN111901321A (en) * 2020-07-17 2020-11-06 云账户技术(天津)有限公司 Authentication method, device, electronic equipment and readable storage medium
CN112165382B (en) * 2020-09-28 2023-09-08 大唐高鸿信安(浙江)信息科技有限公司 Software authorization method and device, authorization server side and terminal equipment
CN112347428A (en) * 2020-11-20 2021-02-09 浙江百应科技有限公司 Distributed software product off-line authorization method
CN112182550A (en) * 2020-11-30 2021-01-05 统信软件技术有限公司 Authorization method, authorization system, activation device and computing equipment for application program

Also Published As

Publication number Publication date
CN113326482A (en) 2021-08-31
CN112699342B (en) 2021-07-16
CN112699342A (en) 2021-04-23

Similar Documents

Publication Publication Date Title
CN113326482B (en) Authorization control method, authorization method, device and computing device
CN109522726B (en) Authentication method for applet, server and computer readable storage medium
US9847880B2 (en) Techniques for ensuring authentication and integrity of communications
EP1301863B1 (en) Systems and methods for integrity certification and verification of content consumption environments
US20200311309A1 (en) Encryption techniques for cookie security
US7240201B2 (en) Method and apparatus to provide secure communication between systems
US9520990B2 (en) System and method for software protection and secure software distribution
US20070157318A1 (en) Method and apparatus for managing digital rights of secure removable media
CN101443774A (en) Optimized integrity verification procedures
CN107689870A (en) Client method for authenticating and system
CN115374405B (en) Software authorization method, license authorization method, device, equipment and storage medium
CN110661817B (en) Resource access method and device and service gateway
WO2013086901A1 (en) Checking method and apparatus for field replaceable unit, and communication device
CN103138939A (en) Secret key use time management method based on credible platform module under cloud storage mode
CN112685786B (en) Financial data encryption and decryption method, system, equipment and storage medium
CN111367532A (en) Local deployment method, device, equipment and storage medium for software license
CN115242553B (en) Data exchange method and system supporting safe multi-party calculation
CN113868604B (en) Software authorization method, system, device and computer readable storage medium
CN112565265A (en) Authentication method, authentication system and communication method between terminal devices of Internet of things
US11399015B2 (en) Data security tool
US20090025061A1 (en) Conditional peer-to-peer trust in the absence of certificates pertaining to mutually trusted entities
TWI817002B (en) Method and device for uploading and downloading file, computer device and medium
US7493488B2 (en) Method to disable on/off capacity in demand
CN102156826A (en) Provider management method and provider management system
CN114817957B (en) Encrypted partition access control method, system and computing device based on domain management platform

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant