CN113378119B - Software authorization method, device, equipment and storage medium - Google Patents
Software authorization method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN113378119B CN113378119B CN202110712687.1A CN202110712687A CN113378119B CN 113378119 B CN113378119 B CN 113378119B CN 202110712687 A CN202110712687 A CN 202110712687A CN 113378119 B CN113378119 B CN 113378119B
- Authority
- CN
- China
- Prior art keywords
- information
- authority
- key
- authorization
- storage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Technology Law (AREA)
- Multimedia (AREA)
- Storage Device Security (AREA)
Abstract
The present disclosure relates to a software authorization method, which is applied to an authorization server, wherein the authorization server is deployed with an intelligent password key, and the method comprises: receiving an authorization application sent by an authorization client; acquiring hardware characteristic information of a target terminal where an authorized client is located; generating an authority file based on the hardware characteristic information and the authority key information in the intelligent password key; and issuing the authority file to the authorization client so that the authorization client determines whether to allow the software to be protected to run in the target terminal based on the authority file. By applying the technical scheme provided by the disclosure, only the authorization client is required to be deployed on the terminal side, and other hardware modules are not required to be added, so that the deployment cost can be reduced, the software authorization on the terminal is realized at lower deployment cost, and the use of software by a user is facilitated. The disclosure also discloses another software authorization method applied to the authorization client, a software authorization device, equipment and a storage medium, and has corresponding technical effects.
Description
Technical Field
The present disclosure relates to the field of computer application technologies, and in particular, to a software authorization method, apparatus, device, and storage medium.
Background
With the rapid development of computer technology, various types of software that can be installed and run in terminals are increasing. Some software can be operated in the terminal only under the condition of authorization. The software authorization is provided on the basis of software protection, so that the software can be effectively protected from being illegally copied and used.
At present, software authorization is mostly realized based on hardware modules, for example, a dongle or an optical disc is used, corresponding hardware modules need to be added in a terminal to run software to be protected, deployment cost is high, and some terminals are not suitable for adding hardware modules, so that the software to be protected cannot be normally run, and inconvenience is brought to users for using the software.
Disclosure of Invention
The invention aims to provide a software authorization method, a software authorization device, software authorization equipment and a storage medium, so that software authorization on a terminal is realized through lower deployment cost, and a user can use the software conveniently.
In order to solve the technical problem, the present disclosure provides the following technical solutions:
a software authorization method is applied to an authorization server, wherein an intelligent password key is deployed at the authorization server, and the method comprises the following steps:
receiving an authorization application sent by an authorization client;
acquiring hardware characteristic information of a target terminal where the authorization client is located;
generating an authority file based on the hardware characteristic information and the authority key information in the intelligent password key;
and issuing the authority file to the authorization client so that the authorization client determines whether to allow the software to be protected to run in the target terminal based on the authority file.
In a specific embodiment of the present disclosure, the generating a permission file based on the hardware feature information and the permission key information in the smart key includes:
generating authority privacy information according to the hardware characteristic information and authority key information in the intelligent password key;
determining storage information of the authority privacy information, wherein the storage information comprises a storage position and a storage starting point in the storage position;
and generating an authority file based on the authority privacy information and the storage information.
In a specific embodiment of the present disclosure, the generating an authority file based on the authority privacy information and the storage information includes:
signing the storage information by using a private key in the authority key information to obtain a storage signature value;
and generating an authority file based on the authority privacy information, the storage information signature value and a certificate of a public key in the authority key information.
In a specific embodiment of the present disclosure, the storage information further includes random information.
In a specific embodiment of the present disclosure, the smart cryptographic key includes an authority key information ciphertext and a symmetric key ciphertext, the symmetric key ciphertext is a ciphertext obtained by encrypting a symmetric key using a public key of the smart cryptographic key, and the authority key information ciphertext is a ciphertext obtained by encrypting authority key information using the symmetric key;
acquiring the authority key information by the following steps:
decrypting the symmetric key ciphertext by using the private key of the intelligent cipher key to obtain the symmetric key;
and decrypting the authority key information ciphertext by using the symmetric key to obtain the authority key information.
In a specific embodiment of the present disclosure, after the generating the rights file, the method further includes:
and updating the authority key information in the intelligent password key.
A software authorization method is applied to an authorization client, and comprises the following steps:
sending an authorization application to an authorization server to enable the authorization server to obtain hardware characteristic information of a target terminal where an authorization client is located, and generating an authority file based on the hardware characteristic information and authority key information in a deployed intelligent password key;
receiving the authority file issued by the authorization server;
verifying the authority file;
and determining whether to allow the software to be protected to run in the target terminal according to the verification result.
In a specific embodiment of the present disclosure, the verifying the authority file includes:
determining whether the stored information is complete or not based on a certificate of a public key in the authority key information and the stored information signature value;
if the stored information is complete, acquiring the authority privacy information according to the stored information;
and performing permission verification based on the permission privacy information.
A software authorization device is applied to an authorization server, wherein an intelligent password key is deployed at the authorization server, and the device comprises:
the authorization application receiving module is used for receiving an authorization application sent by an authorization client;
the hardware characteristic acquisition module is used for acquiring hardware characteristic information of a target terminal where the authorization client is located;
the authority file generating module is used for generating an authority file based on the hardware characteristic information and the authority key information in the intelligent password key;
and the authority file issuing module is used for issuing the authority file to the authorization client so that the authorization client determines whether to allow the software to be protected to run in the target terminal or not based on the authority file.
A software authorization apparatus applied to an authorization client, the apparatus comprising:
the authorization application sending module is used for sending an authorization application to an authorization server so that the authorization server can obtain the hardware characteristic information of a target terminal where the authorization client is located, and generate an authority file based on the hardware characteristic information and authority key information in the deployed intelligent password key;
the authority file receiving module is used for receiving the authority file issued by the authorization server;
the authority file verification module is used for verifying the authority file;
and the software authorization determining module is used for determining whether to allow the software to be protected to run in the target terminal according to the verification result.
A software authorization device comprising:
a memory for storing a computer program;
a processor for implementing the steps of any of the above software authorization methods when executing the computer program.
A computer readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of any of the software authorization methods described above.
By applying the technical scheme provided by the embodiment of the disclosure, the authorization server can be independently deployed on devices such as a server, the intelligent password key is deployed in the authorization server, only the authorization client needs to be deployed on the terminal side, other hardware modules do not need to be added, the deployment cost can be reduced, the software authorization on the terminal is realized at lower deployment cost, and the use of software by a user is facilitated.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic structural diagram of an authorization system according to an embodiment of the disclosure;
FIG. 2 is a flowchart illustrating an implementation of a software authorization method according to an embodiment of the disclosure;
FIG. 3 is a flow chart of another implementation of a software authorization method in an embodiment of the present disclosure;
FIG. 4 is a schematic structural diagram of a software authorization apparatus according to an embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of another software authorization apparatus according to an embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of a software authorization device according to an embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of another software authorization device in the embodiment of the present disclosure.
Detailed Description
The core of the disclosure is to provide a software authorization method. The method may be implemented by an authorization system, which may include an authorization server 110 and an authorization client 120, as shown in fig. 1. The authorization server 110 may be deployed with a smart key, and the authorization client 120 is deployed in a target terminal and may communicate with the authorization server 110. The target terminal can be any one of a mobile phone, a tablet computer, a notebook computer, a desktop computer and the like which can run software to be protected. The key fob may be shipped to the user by the manufacturer for use with the authorization server 110.
The authorization server 110 may receive the authorization application sent by the authorization client 120, obtain hardware feature information of a target terminal where the authorization client 120 is located, generate a permission file based on the hardware feature information and permission key information in the smart key, and issue the permission file to the authorization client 120, so that the authorization client 120 may determine whether to allow the target terminal to run software to be protected based on the permission file.
The authorization server 110 may be separately deployed on a server or other devices, and a smart key is deployed therein, so that only an authorization client needs to be deployed on the terminal side without adding other hardware modules, which may reduce deployment cost, implement software authorization on the terminal with lower deployment cost, and facilitate users to use software. Moreover, because of the limitation of the smart key, no matter the authorization server 110 is in the internet or in an independent network environment, the security of the authorization server 110 can be guaranteed, and the invalidation of software protection caused by operations such as malicious reset of the authorization server 110 can be avoided.
The present disclosure is described in further detail below with reference to the accompanying drawings and detailed description, in order to enable those skilled in the art to better understand the disclosure. It is to be understood that the described embodiments are merely illustrative of some, and not restrictive, of the embodiments of the disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
Referring to fig. 2, an implementation flowchart of a software protection method provided in the embodiment of the present disclosure is shown, where the method may be applied to an authorization server, and the authorization server is deployed with an intelligent password key, and the method may include the following steps:
s210: and receiving an authorization application sent by an authorization client.
In practical application, a user can send an authorization application to an authorization server through an authorization client according to actual needs. After receiving the authorization application sent by the authorization client, the authorization server may continue to perform the operation of step S220.
S220: and acquiring hardware characteristic information of a target terminal where the authorized client is located.
After receiving the authorization application sent by the authorization client, the authorization server can obtain the hardware characteristic information of the target terminal where the authorization client is located according to the authorization application. The hardware feature information of the target terminal may uniquely represent the target terminal, such as a Media Access Control Address (MAC) value of the target terminal.
S230: and generating an authority file based on the hardware characteristic information and the authority key information in the intelligent password key.
After the authorization server acquires the hardware characteristic information of the target terminal where the authorization client is located, the authorization server can generate an authorization file based on the hardware characteristic information and the authorization key information in the intelligent password key.
The authority key information in the intelligent password key can comprise the total number of authorities, the remaining number of authorities, the validity period of authorities, public and private keys of an authorization server and the like.
The rights key information data format is as follows:
the method comprises the steps that int and char represent data types, control Num represents the total number of rights and is a key for control, a user can be prevented from issuing rights beyond a limited total number, leftNum represents the remaining number of rights, start represents the starting time of a rights validity period, end represents the ending time of the rights validity period, pubkey represents a public key of an authorization server, and prvKey represents a private key of the authorization server.
In the using process, the situation that the authorization server system is reset and all data are cleared can occur, and in the situation, the control on the total number of the authority cannot be influenced because the authority key information is stored in the intelligent password key.
Based on the hardware characteristic information and the authority key information, whether an authority file can be generated at present can be determined, and the generated authority file can contain information such as hardware characteristic information, the total number of authorities, the current ordinal number of authorities, the validity period of authorities and the like of the target terminal.
S240: and issuing the authority file to the authorization client so that the authorization client determines whether to allow the software to be protected to run in the target terminal based on the authority file.
The authorization server side generates a permission file based on the hardware characteristic information and the permission key information in the intelligent password key, and then sends the permission file to the authorization client side, so that the authorization client side can determine whether to allow the software to be protected to run in the target terminal based on the permission file. Specifically, the authorization client may verify the rights file and determine the integrity of the rights file. If the verification is passed, the software to be protected is determined to be allowed to run in the target terminal so as to be convenient for the user to use under the condition of software authorization. And if the verification is not passed, determining that the software to be protected is not allowed to run in the target terminal so as to limit the use of the software and protect the software. And under the condition that the verification is not passed, the authorization client side can output permission limitation prompt information so that the user can conveniently perform problem troubleshooting.
By applying the method provided by the embodiment of the disclosure, the authorization server can be independently deployed on devices such as a server, the intelligent password key is deployed in the authorization server, only the authorization client needs to be deployed on the terminal side, other hardware modules do not need to be added, the deployment cost can be reduced, the software authorization on the terminal is realized at lower deployment cost, and the use of software by a user is facilitated. Moreover, because of the limitation of the intelligent password key, the security of the authorization server can be guaranteed no matter the authorization server is in the internet or in an independent network environment, and the invalidation of software protection caused by operations such as malicious reset of the authorization server can be avoided.
In one embodiment of the present disclosure, step S230 may include the steps of:
the method comprises the following steps: generating authority privacy information according to the hardware characteristic information and the authority key information in the intelligent password key;
step two: determining storage information of the authority privacy information, wherein the storage information comprises a storage position and a storage starting point in the storage position;
step three: and generating an authority file based on the authority privacy information and the storage information.
For convenience of description, the above three steps are combined for illustration.
And after the authorization server receives the authorization application sent by the authorization client and acquires the hardware characteristic information of the target terminal where the authorization client is located, the authorization server can generate the authority privacy information according to the hardware characteristic information and the authority key information in the intelligent password key.
As described above, the authority key information in the smart key may include information such as the total number of authorities, the remaining number of authorities, the validity period of authorities, and the public and private keys of the authorization server.
And determining whether the assignable authority exists at present according to the total number of the authorities, the residual number of the authorities and the like in the authority key information, and if so, determining the current ordinal number of the authorities based on the total number of the authorities and the residual number of the authorities. If the total number of permissions is 10, the remaining number of permissions is 3, and the initial ordinal number of permissions is 0, then it can be determined that the current ordinal number of permissions is 7. If it is determined that no rights are currently assignable, a reminder of the exhaustion of rights may be returned to the authorizing client. This prevents the software to be protected from running on the target terminal where the authorized client is located.
According to the authority validity period in the authority key information, the current authority validity period can be determined.
Specifically, the authority privacy information may include hardware feature information, total authority amount, current authority ordinal number, authority validity period, and other information of the target terminal.
The data format of the authority privacy information can be as follows:
wherein, control num represents the total number of the authority, which is the same as the total number of the authority in the authority key information, currentNum represents the current ordinal number of the authority, mac represents the hardware characteristic information of the target terminal, start represents the starting time of the authority validity period, end represents the ending time of the authority validity period, which is the same as the starting time and the ending time of the authority validity period in the authority key information.
After the authority privacy information is generated, storage information of the authority privacy information can be further determined, and the storage information can include a storage position and a storage starting point in the storage position. The storage location refers to a storage location of the authority privacy information.
Based on the permission privacy information and the storage information, a permission file may be generated. The authority file includes information such as authority privacy information and storage information.
After the authorization server issues the authority file to the authorization client, the authorization client can determine the storage position of the authority privacy information and the storage starting point at the storage position through the storage information in the authority file, and can read the authority privacy information, so that whether the software to be protected is allowed to run in the target terminal or not can be determined based on the authority privacy information.
In a specific embodiment of the present disclosure, generating the authority file based on the authority privacy information and the storage information may specifically include the following steps:
the first step is as follows: signing the stored information by using a private key in the authority key information to obtain a stored signature value;
the second step is that: and generating an authority file based on the authority privacy information, the storage information signature value and the certificate of the public key in the authority key information.
For convenience of description, the above two steps are combined for illustration.
In the embodiment of the present disclosure, the authority key information may include a public key and a private key of the authorization server. The authorization server generates authority privacy information according to the hardware characteristic information and authority key information in the intelligent password key, after the storage information of the authority privacy information is determined, the storage information can be signed by using a private key in the authority key information to obtain a stored information signature value, and then an authority file is generated based on the authority privacy information, the storage information, the stored information signature value and a certificate of a public key in the authority key information. The authority file thus generated may include authority privacy information, storage information, a certificate storing a public key in the information signature value and the authority key information, and the like.
The authority file comprises authority privacy information, storage information, a storage information signature value and a certificate of a public key in the authority key information, after the authorization client receives the authority file, the public key of the authorization server can be obtained from the certificate of the public key in the authority file information, and whether the storage information is complete or not is determined by using the public key of the authorization server and the storage information signature value. If the stored information can be signed by using the public key of the authorization server, whether the signature value obtained currently is the same as the signature value of the stored information contained in the authority file or not is determined, if so, the stored information in the authority file can be determined to be complete, otherwise, the stored information in the authority file can be determined to be incomplete. If the storage information in the authority file is determined to be complete, the authority privacy information can be obtained according to the storage information, and therefore authority verification is conducted based on the authority privacy information.
In one embodiment of the present disclosure, the deposit information may further include random information. That is, the storage information includes the storage location, the storage start point in the storage location, and the random information. The data length of the random information may be the same as the data length of the storage location and the storage start point in the storage location to mask the values of the storage location and the storage start point. The safety of information storage is enhanced, and the condition that the authority privacy information is maliciously acquired is avoided.
The overall file structure of the rights file may be as follows:
wherein pivotal represents the storage position of the authority privacy information, pos represents the storage starting point of the authority privacy information in the storage position, random represents random information and is used for covering pos and pivotal values, field sign is used for signing the first three fields by using a private key prvKey in the authority key information, for example, signature is carried out by using an SM2 algorithm to obtain a storage signature value, and cert is a certificate corresponding to a public key in the authority key information.
It should be further noted that after the authority file is issued to the authorized client, the authority file can be prevented from being cracked violently or being counterfeited by the sign value. The sign value is obtained by using a private key prvKey signature in the authority key information, only pubkey in the authority key information can verify the sign value, and cert is a certificate of an authorization server side in the authority file and is generated based on pubkey. The authorized client performs signature verification on the authority file, and can determine the validity and whether the file is tampered.
When the authority file is verified, the random can restore the pivot information by performing XOR operation again based on the pivot and pos, and the pos indicates typedeffsstruct _ pivot _ Info in the array of the pivot [ MAX _ pivot _ LEN ]
By taking data of length 32+4 from the start position, the real information of PivInfo can be obtained. Through PivInfo information, the total number of the rights, namely the total control number of the rights file, the current ordinal number of the rights, mac, the starting time and the ending time, can be determined.
When the authorization client side verifies the authority file, whether the current ordinal number of the authority is smaller than the total number of the authority can be verified firstly, whether the mac conforms to the mac of the terminal where the authorization client side is located can be verified, and whether the time of the terminal where the authorization client side is located is between the starting time and the ending time can be verified finally.
And the authority file is verified on the authorized client, the signature information (SM 2) of the authority file is verified by using a soft algorithm module, and if the authority file passes the verification, the authority file is not tampered.
In one embodiment of the present disclosure, the smart cryptographic key includes an authority key information ciphertext and a symmetric key ciphertext, the symmetric key ciphertext is a ciphertext obtained by encrypting the symmetric key using a public key of the smart cryptographic key, and the authority key information ciphertext is a ciphertext obtained by encrypting the authority key information using the symmetric key; the method comprises the following steps of:
the method comprises the following steps: decrypting the symmetric key ciphertext by using the private key of the intelligent cipher key to obtain a symmetric key;
step two: and decrypting the authority key information ciphertext by using the symmetric key to obtain the authority key information.
For convenience of description, the above two steps are combined for illustration.
In the embodiment of the present disclosure, in order to improve security, the authority key information included in the smart key may be in a form of a ciphertext. The smart key may contain an authority key information ciphertext and a symmetric key ciphertext. The symmetric key ciphertext is a ciphertext obtained by encrypting the symmetric key by using a public key of the intelligent cryptographic key, the authority key information ciphertext is a ciphertext obtained by encrypting the authority key information by using the symmetric key, and the SM1 algorithm can be used for encryption protection.
The authorization server side can obtain the private key handle of the intelligent key through calling the interface of the intelligent cipher key, so that the symmetric key ciphertext can be decrypted by using the private key of the intelligent key to obtain the symmetric key, and then the authority key information ciphertext is decrypted by using the symmetric key to obtain the authority key information. And generating the authority file by using the authority key information.
The authority key information is stored in the intelligent key in a ciphertext mode, so that the safety of the authority key information can be improved, and the condition that the authority is abused due to tampering of the authority key information is effectively avoided.
In one embodiment of the present disclosure, after the rights file is generated, the rights key information in the smart key may also be updated.
It is understood that a certain number of rights may be consumed per authorized application for a given total number of rights. After receiving the authorization application sent by the authorization client and generating the authority file, the authorization server can update the authority key information in the intelligent key, specifically, the remaining number of the authority can be updated, so that when receiving the authorization application again, the authority file can be generated based on the updated authority key information.
In the method, firstly symmetric encryption is carried out, and then an asymmetric key is used for protecting the symmetric key, which is mainly because the asymmetric private key for protecting the symmetric key cannot be safely stored in a soft algorithm module, but can be safely stored in an intelligent cipher key of an authorization server. If the authority file is stored in the intelligent password key, each authorized client needs to be matched with the intelligent password key and a hardware module, and the cost is high. According to the method and the system, an additional hardware module is not required to be added to the authorized client, so that the deployment cost can be reduced.
It should be noted that, during the use process, the obtained rights file may be lost for some reason, and in this case, the user may send an authorization application to the authorization server again through the authorization client. Therefore, multiple authorization applications of the authorization client on the same terminal occur, the hardware characteristic information of the terminal where the authorization client is located, which is acquired by the authorization server, is the same as the hardware characteristic information in the generated authority file, the regenerated authority file is the same as the authority file which is generated before, and the number of authorities cannot be consumed.
The above is mainly a description of the software authorization method provided by the present disclosure from the perspective of an authorization server, and the method is further described below from the perspective of an authorization client.
Referring to fig. 3, the method may be applied to an authorization client, and may include the following steps:
s310: sending an authorization application to an authorization server to enable the authorization server to obtain hardware characteristic information of a target terminal where an authorization client is located, and generating an authority file based on the hardware characteristic information and authority key information in a deployed intelligent password key;
s320: receiving a permission file issued by an authorization server;
s330: verifying the authority file;
s340: and determining whether to allow the software to be protected to run in the target terminal according to the verification result.
For convenience of description, the above steps are combined for illustration.
The user can send an authorization application to the authorization server through the authorization client according to actual needs. After receiving the authorization application sent by the authorization client, the authorization server can obtain the hardware characteristic information of the target terminal where the authorization client is located according to the authorization application, generate an authorization file based on the hardware characteristic information and the authorization key information in the intelligent password key, and send the authorization file to the authorization client.
The authority key information in the intelligent password key can comprise information such as the total number of authorities, the remaining number of authorities, the validity period of authorities, public and private keys of an authorization server and the like. The generated authority file may include information such as hardware feature information, total number of authorities, current ordinal number of authorities, validity period of authorities, etc. of the target terminal.
After receiving the authority file issued by the authorization server, the authorization client can verify the authority file and determine the integrity of the authority file. And determining whether to allow the target terminal to run the software to be protected according to the verification result. If the verification is passed, the software to be protected is determined to be allowed to run in the target terminal so as to be convenient for the user to use under the condition of software authorization. And if the verification is not passed, determining that the software to be protected is not allowed to run in the target terminal so as to limit the use of the software and protect the software. And under the condition that the verification is not passed, the authorization client side can output permission limitation prompt information so that the user can conveniently perform problem troubleshooting.
By applying the method provided by the embodiment of the disclosure, the authorization server can be independently deployed on devices such as a server, the intelligent password key is deployed in the authorization server, only the authorization client needs to be deployed on the terminal side, other hardware modules do not need to be added, the deployment cost can be reduced, the software authorization on the terminal is realized at lower deployment cost, and the use of software by a user is facilitated. Moreover, because of the limitation of the intelligent password key, the security of the authorization server can be guaranteed no matter the authorization server is in the internet or in an independent network environment, and the invalidation of software protection caused by operations such as malicious reset of the authorization server can be avoided.
In one embodiment of the present disclosure, the authority file may include a certificate of the public key in the limited privacy information, the storage information signature value, and the authority key information, and verifying the authority file may include the following steps:
the method comprises the following steps: determining whether the stored information is complete or not based on the certificate of the public key in the authority key information and the stored information signature value;
step two: if the stored information is complete, acquiring authority privacy information according to the stored information;
step three: and performing authority verification based on the authority privacy information.
In the embodiment of the present disclosure, the authority key information may include a public key and a private key of the authorization server. The authorization server generates authority privacy information according to the hardware characteristic information and authority key information in the intelligent password key, after the storage information of the authority privacy information is determined, the storage information can be signed by using a private key in the authority key information to obtain a stored information signature value, and then an authority file is generated based on the authority privacy information, the storage information, the stored information signature value and a certificate of a public key in the authority key information. The authority file generated in this way may include authority privacy information, storage information, a certificate storing an information signature value and a public key in authority key information, and the like.
The authority file comprises authority privacy information, storage information, a storage information signature value and a certificate of a public key in the authority key information, after the authorization client receives the authority file, the public key of the authorization server can be obtained from the certificate of the public key in the authority file information, and whether the storage information is complete or not is determined by using the public key of the authorization server and the storage information signature value. If the stored information can be signed by using the public key of the authorization server, whether the signature value obtained currently is the same as the signature value of the stored information contained in the authority file or not is determined, if so, the stored information in the authority file can be determined to be complete, otherwise, the stored information in the authority file can be determined to be incomplete. If the storage information in the authority file is determined to be complete, the authority privacy information can be obtained according to the storage information, and therefore authority verification is conducted based on the authority privacy information.
Specifically, the authorization client may compare hardware characteristic information of a target terminal where the authorization client is located with hardware characteristic information in the authority privacy information, if the hardware characteristic information is consistent with the hardware characteristic information in the authority privacy information, further determine whether a current time is within an authority validity period range in the authority privacy information, if the current time is within the authority validity period range, further determine whether a current ordinal number of the authority in the authority privacy information does not exceed an ordinal number corresponding to the total number of the authority, and if the current ordinal number of the authority in the authority privacy information does not exceed an ordinal number corresponding to the total number of the authority, may determine that the authority file passes verification, and may allow the target terminal to run software to be protected.
If one item is not satisfied, the authority file can be determined not to pass the verification, and the software to be protected is not allowed to run in the target terminal.
The authorization client verifies the authority file, so that the software to be protected can be protected, and the use validity of the software is ensured.
Corresponding to the method embodiment shown in fig. 2, the embodiment of the present disclosure further provides a software authorization apparatus, which is applied to an authorization server, where the authorization server is deployed with an intelligent password key, and the software authorization apparatus described below and the software authorization method described above may be referred to correspondingly.
Referring to fig. 4, the software authorization apparatus 400 may include the following modules:
an authorization application receiving module 410, configured to receive an authorization application sent by an authorization client;
a hardware characteristic obtaining module 420, configured to obtain hardware characteristic information of a target terminal where the authorized client is located;
the authority file generating module 430 is configured to generate an authority file based on the hardware feature information and the authority key information in the intelligent password key;
the authority file issuing module 440 is configured to issue the authority file to the authorization client, so that the authorization client determines whether to allow the software to be protected to run in the target terminal based on the authority file.
By applying the device provided by the embodiment of the disclosure, the authorization server can be independently deployed on equipment such as a server, the intelligent password key is deployed in the equipment, only the authorization client needs to be deployed on the terminal side, other hardware modules do not need to be added, the deployment cost can be reduced, the software authorization on the terminal is realized at lower deployment cost, and the use of software by a user is facilitated. Moreover, because of the limitation of the intelligent password key, the security of the authorization server can be guaranteed no matter the authorization server is in the internet or in an independent network environment, and the invalidation of software protection caused by operations such as malicious reset of the authorization server can be avoided.
In a specific embodiment of the present disclosure, the permission file generating module 430 is configured to:
generating authority privacy information according to the hardware characteristic information and the authority key information in the intelligent password key;
determining storage information of the authority privacy information, wherein the storage information comprises a storage position and a storage starting point in the storage position;
and generating an authority file based on the authority privacy information and the storage information.
In a specific embodiment of the present disclosure, the permission file generating module 430 is configured to:
signing the stored information by using a private key in the authority key information to obtain a stored signature value;
and generating an authority file based on the authority privacy information, the storage information signature value and the certificate of the public key in the authority key information.
In one embodiment of the present disclosure, the deposit information further comprises random information.
In a specific embodiment of the present disclosure, the smart cryptographic key includes an authority key information ciphertext and a symmetric key ciphertext, the symmetric key ciphertext is a ciphertext obtained by encrypting the symmetric key using a public key of the smart cryptographic key, and the authority key information ciphertext is a ciphertext obtained by encrypting the authority key information using the symmetric key; the software authorization apparatus 400 further includes a right key information obtaining module, configured to obtain right key information through the following steps:
decrypting the symmetric key ciphertext by using a private key of the intelligent cipher key to obtain a symmetric key;
and decrypting the authority key information ciphertext by using the symmetric key to obtain the authority key information.
In a specific embodiment of the present disclosure, the smart cryptographic key further includes a permission key information updating module, configured to update permission key information in the smart cryptographic key after the permission file is generated.
Corresponding to the method embodiment shown in fig. 3, the embodiment of the present disclosure further provides a software authorization apparatus, which is applied to an authorization client, and the software authorization apparatus described below and the software authorization method described above may be referred to correspondingly.
Referring to fig. 5, the software authorization apparatus 500 may include the following modules:
an authorization application sending module 510, configured to send an authorization application to an authorization server, so that the authorization server obtains hardware feature information of a target terminal where an authorization client is located, and generates an authorization file based on the hardware feature information and authorization key information in a deployed smart key;
a permission file receiving module 520, configured to receive a permission file issued by an authorization server;
a rights file verifying module 530, configured to verify the rights file;
and a software authorization determining module 540, configured to determine whether to allow the software to be protected to run in the target terminal according to the verification result.
By applying the device provided by the embodiment of the disclosure, only the authorization client needs to be deployed on the terminal side, and other hardware modules do not need to be added, so that the deployment cost can be reduced, the software authorization on the terminal is realized at lower deployment cost, and the use of software by a user is facilitated. Moreover, because of the limitation of the intelligent password key, the security of the authorization server can be guaranteed no matter the authorization server is in the internet or in an independent network environment, and the invalidation of software protection caused by operations such as malicious reset of the authorization server can be avoided.
In a specific embodiment of the present disclosure, the authority file includes authority privacy information, storage information, a certificate storing a public key in the information signature value and the authority key information, and the authority file verification module 530 is configured to:
determining whether the stored information is complete or not based on the certificate of the public key in the authority key information and the stored information signature value;
if the stored information is complete, obtaining the authority privacy information according to the stored information;
and performing permission verification based on the permission privacy information.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 6 is a block diagram illustrating a software authorization device 600 according to an example embodiment. As shown in fig. 6, the software authorization apparatus 600 may include: a processor 601 and a memory 602. The software authorization device 600 may also include one or more of a multimedia component 603, an input/output (I/O) interface 604, and a communication component 605.
The processor 601 is configured to control the overall operation of the software authorization apparatus 600, so as to complete all or part of the steps in the software authorization method shown in fig. 3. The memory 602 is used to store various types of data to support operation at the software authorization device 600, which may include, for example, instructions for any application or method operating on the software authorization device 600, as well as application-related data, such as transceived messages, pictures, audio, video, and so forth. The Memory 602 may be implemented by any type of volatile or non-volatile Memory device or combination thereof, such as Static Random Access Memory (SRAM), electrically Erasable Programmable Read-Only Memory (EEPROM), erasable Programmable Read-Only Memory (EPROM), programmable Read-Only Memory (PROM), read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic disk or optical disk. The multimedia components 603 may include a screen and audio components. Wherein the screen may be, for example, a touch screen and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 602 or transmitted through the communication component 605. The audio assembly further comprises at least one speaker for outputting audio signals. The I/O interface 604 provides an interface between the processor 601 and other interface modules, such as a keyboard, mouse, buttons, and the like. These buttons may be virtual buttons or physical buttons. The communication component 605 is used for wired or wireless communication between the software authorization device 600 and other devices. Wireless Communication, such as Wi-Fi, bluetooth, near Field Communication (NFC), 2G, 3G, or 4G, or a combination of one or more of them, so that the corresponding Communication component 605 may include: wi-Fi module, bluetooth module, NFC module.
In an exemplary embodiment, the software authorization apparatus 600 may be implemented by one or more Application Specific Integrated Circuits (ASICs), digital Signal Processors (DSPs), digital Signal Processing Devices (DSPDs), programmable Logic Devices (PLDs), field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic components for performing the software authorization method shown in fig. 3.
In another exemplary embodiment, a computer readable storage medium comprising program instructions which, when executed by a processor, implement the steps of the software authorization method illustrated in fig. 3 above is also provided. For example, the computer readable storage medium may be the memory 602 including program instructions executable by the processor 601 of the software authorization device 600 to perform the software authorization method shown in fig. 3 described above.
Fig. 7 is a block diagram illustrating a software authorization device 700 according to an example embodiment. For example, the software authorization device 700 may be provided as a server. Referring to fig. 7, the software authorizing device 700 includes a processor 701, which may be one or more in number, and a memory 702 for storing a computer program executable by the processor 701. The computer program stored in memory 702 may include one or more modules that each correspond to a set of instructions. Further, the processor 701 may be configured to execute the computer program to perform the software authorization method illustrated in fig. 2 described above.
Additionally, the software authorizing device 700 may also include a power component 703 and a communication component 704, the power component 703 may be configured to perform power management of the software authorizing device 700, and the communication component 704 may be configured to enable communication, e.g., wired or wireless communication, of the software authorizing device 700. In addition, the software authorizing device 700 may also include an input/output (I/O) interface 705. The software authorization device 700 may operate based on an operating system stored in memory 702, such as Windows Server, mac OS XTM, unixTM, linux, etc.
In another exemplary embodiment, a computer readable storage medium comprising program instructions which, when executed by a processor, implement the steps of the software authorization method illustrated in fig. 2 described above is also provided. For example, the computer readable storage medium may be the memory 702 described above including program instructions that are executable by the processor 701 of the software authorization device 700 to perform the software authorization method described above and shown in fig. 2.
The preferred embodiments of the present disclosure are described in detail with reference to the accompanying drawings, however, the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solution of the present disclosure within the technical idea of the present disclosure, and these simple modifications all belong to the protection scope of the present disclosure. For example, the smart key may be changed to an information storage device.
It should be noted that the various features described in the foregoing embodiments may be combined in any suitable manner without contradiction. In order to avoid unnecessary repetition, various possible combinations will not be separately described in this disclosure.
In addition, any combination of various embodiments of the present disclosure may be made, and the same should be considered as the disclosure of the present disclosure, as long as it does not depart from the spirit of the present disclosure.
Claims (9)
1. A software authorization method is applied to an authorization server, wherein an intelligent password key is deployed on the authorization server, and the method comprises the following steps:
receiving an authorization application sent by an authorization client;
acquiring hardware characteristic information of a target terminal where the authorization client is located;
generating an authority file based on the hardware characteristic information and the authority key information in the intelligent password key;
generating authority privacy information according to the hardware characteristic information and authority key information in the intelligent password key;
determining storage information of the authority privacy information, wherein the storage information comprises a storage position and a storage starting point in the storage position;
generating an authority file based on the authority privacy information and the storage information;
signing the storage information by using a private key in the authority key information to obtain a storage signature value;
generating an authority file based on the authority privacy information, the storage information signature value and a certificate of a public key in the authority key information;
and issuing the authority file to the authorization client so that the authorization client determines whether to allow the software to be protected to run in the target terminal based on the authority file.
2. The method of claim 1, wherein the deposit information further comprises random information.
3. The method according to claim 1, wherein the smart cryptographic key comprises an authority key information ciphertext and a symmetric key ciphertext, the symmetric key ciphertext is a ciphertext obtained by encrypting a symmetric key using a public key of the smart cryptographic key, and the authority key information ciphertext is a ciphertext obtained by encrypting the authority key information using the symmetric key;
acquiring the authority key information by the following steps:
decrypting the symmetric key ciphertext by using the private key of the intelligent cipher key to obtain the symmetric key;
and decrypting the authority key information ciphertext by using the symmetric key to obtain the authority key information.
4. The method according to any one of claims 1 to 3, further comprising, after the generating a rights file:
and updating the authority key information in the intelligent password key.
5. A software authorization method is applied to an authorization client, and comprises the following steps:
sending an authorization application to an authorization server to enable the authorization server to obtain hardware characteristic information of a target terminal where an authorization client is located, and generating an authority file based on the hardware characteristic information and authority key information in a deployed intelligent password key;
receiving the authority file issued by the authorization server;
verifying the authority file;
determining whether to allow the software to be protected to run in the target terminal according to a verification result;
the authority file comprises authority privacy information, storage information, a storage information signature value and a certificate of a public key in the authority key information, and the authority file is verified, which comprises the following steps:
determining whether the stored information is complete or not based on a certificate of a public key in the authority key information and the stored information signature value;
if the stored information is complete, acquiring the authority privacy information according to the stored information;
and performing permission verification based on the permission privacy information.
6. A software authorization device is applied to an authorization server, wherein an intelligent password key is deployed on the authorization server, and the device comprises:
the authorization application receiving module is used for receiving an authorization application sent by an authorization client;
the hardware characteristic acquisition module is used for acquiring hardware characteristic information of a target terminal where the authorization client is located;
the authority file generating module is used for generating an authority file based on the hardware characteristic information and the authority key information in the intelligent password key;
the permission file generation module is specifically configured to:
generating authority privacy information according to the hardware characteristic information and authority key information in the intelligent password key;
determining storage information of the authority privacy information, wherein the storage information comprises a storage position and a storage starting point in the storage position;
generating an authority file based on the authority privacy information and the storage information;
the permission file generation module is specifically configured to:
signing the storage information by using a private key in the authority key information to obtain a storage signature value;
generating an authority file based on the authority privacy information, the storage information signature value and a certificate of a public key in the authority key information;
and the authority file issuing module is used for issuing the authority file to the authorization client so that the authorization client determines whether to allow the software to be protected to run in the target terminal or not based on the authority file.
7. A software authorization apparatus, applied to an authorization client, the apparatus comprising:
the authorization application sending module is used for sending an authorization application to an authorization server so that the authorization server can acquire the hardware characteristic information of a target terminal where the authorization client is located, and generate an authority file based on the hardware characteristic information and the authority key information in the deployed intelligent password key;
generating authority privacy information according to the hardware characteristic information and authority key information in the intelligent password key;
determining storage information of the authority privacy information, wherein the storage information comprises a storage position and a storage starting point in the storage position;
generating an authority file based on the authority privacy information and the storage information;
signing the storage information by using a private key in the authority key information to obtain a storage signature value;
generating an authority file based on the authority privacy information, the storage information signature value and a certificate of a public key in the authority key information;
the authority file receiving module is used for receiving the authority file issued by the authorization server;
the authority file verification module is used for verifying the authority file;
a software authorization determining module, configured to determine whether to allow the software to be protected to run in the target terminal according to a verification result;
the authority file comprises authority privacy information, storage information, a storage information signature value and a certificate of a public key in the authority key information, and the authority file verification module is specifically used for:
determining whether the stored information is complete or not based on a certificate of a public key in the authority key information and the stored information signature value;
if the storage information is complete, acquiring the authority privacy information according to the storage information;
and performing permission verification based on the permission privacy information.
8. A software authorization device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the software authorization method according to any one of claims 1 to 5 when executing the computer program.
9. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the software authorization method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110712687.1A CN113378119B (en) | 2021-06-25 | 2021-06-25 | Software authorization method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110712687.1A CN113378119B (en) | 2021-06-25 | 2021-06-25 | Software authorization method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113378119A CN113378119A (en) | 2021-09-10 |
| CN113378119B true CN113378119B (en) | 2023-04-07 |
Family
ID=77579305
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110712687.1A Active CN113378119B (en) | 2021-06-25 | 2021-06-25 | Software authorization method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113378119B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114465803B (en) * | 2022-02-15 | 2024-03-01 | 阿里巴巴(中国)有限公司 | Object authorization method, device, system and storage medium |
| CN114785514B (en) * | 2022-03-23 | 2023-11-14 | 国网上海能源互联网研究院有限公司 | A method and system for industrial Internet of Things terminal application licensing authorization |
| CN116628643A (en) * | 2023-07-21 | 2023-08-22 | 中电科网络安全科技股份有限公司 | Geographic information deflection plug-in issuing method, device, equipment and medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5832207A (en) * | 1995-07-20 | 1998-11-03 | Dallas Semiconductor Corporation | Secure module with microprocessor and co-processor |
| WO2018119644A1 (en) * | 2016-12-27 | 2018-07-05 | 深圳配天智能技术研究院有限公司 | Software authorization method, system and device |
| CN110674475A (en) * | 2019-09-29 | 2020-01-10 | 北京可信华泰信息技术有限公司 | Authorization control method and device and trusted computing terminal |
| CN111625783A (en) * | 2020-05-26 | 2020-09-04 | 郑州轻工业大学 | Software authorization management system based on multi-stage encryption |
| CN112883390A (en) * | 2021-02-18 | 2021-06-01 | 腾讯科技(深圳)有限公司 | Authority control method and device and storage medium |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100120526A1 (en) * | 2008-11-13 | 2010-05-13 | Bally Gaming, Inc. | Co-processor assisted software authentication system |
| WO2014153759A1 (en) * | 2013-03-28 | 2014-10-02 | 华为技术有限公司 | Method and device for managing access control permission |
| CN104580316B (en) * | 2013-10-24 | 2019-03-22 | 深圳市国信互联科技有限公司 | Soft ware authorization management method and system |
| CN103761457A (en) * | 2013-12-27 | 2014-04-30 | 华为技术有限公司 | Software protecting method, device and system |
| CN105761753A (en) * | 2016-02-02 | 2016-07-13 | 清华大学 | Data scrambler/descrambler, memory device and scrambling/descrambling method |
| US11012241B2 (en) * | 2018-09-10 | 2021-05-18 | Dell Products L.P. | Information handling system entitlement validation |
| CN110597764B (en) * | 2019-10-10 | 2024-05-07 | 深圳前海微众银行股份有限公司 | File downloading and version management method and device |
| CN112463734A (en) * | 2020-11-20 | 2021-03-09 | 苏州浪潮智能科技有限公司 | File retrieval method, system and related device |
| CN113326482B (en) * | 2021-03-24 | 2025-04-22 | 统信软件技术有限公司 | Authorization control method, authorization method, device and computing device |
-
2021
- 2021-06-25 CN CN202110712687.1A patent/CN113378119B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5832207A (en) * | 1995-07-20 | 1998-11-03 | Dallas Semiconductor Corporation | Secure module with microprocessor and co-processor |
| WO2018119644A1 (en) * | 2016-12-27 | 2018-07-05 | 深圳配天智能技术研究院有限公司 | Software authorization method, system and device |
| CN110674475A (en) * | 2019-09-29 | 2020-01-10 | 北京可信华泰信息技术有限公司 | Authorization control method and device and trusted computing terminal |
| CN111625783A (en) * | 2020-05-26 | 2020-09-04 | 郑州轻工业大学 | Software authorization management system based on multi-stage encryption |
| CN112883390A (en) * | 2021-02-18 | 2021-06-01 | 腾讯科技(深圳)有限公司 | Authority control method and device and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| 基于关系数据库的知识库的建立;吴海桥等;《微型电脑应用》;20011130(第11期);第51-53+3页 * |
| 基于数据分割与分级的云存储数据隐私保护机制;李莉;《电脑编程技巧与维护》;20171118(第22期);第46-49页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113378119A (en) | 2021-09-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111404696B (en) | Collaborative signature method, security service middleware, related platform and system | |
| CN108809646B (en) | Secure shared key sharing system | |
| US8281115B2 (en) | Security method using self-generated encryption key, and security apparatus using the same | |
| CN113378119B (en) | Software authorization method, device, equipment and storage medium | |
| CN109412812B (en) | Data security processing system, method, device and storage medium | |
| CN111401901B (en) | Authentication method and device of biological payment device, computer device and storage medium | |
| US20160330029A1 (en) | Authenticator device facilitating file security | |
| JP2004295271A (en) | Card and pass code generator | |
| CN106936588B (en) | Hosting method, device and system of hardware control lock | |
| CN104798083A (en) | Method and system for verifying an access request | |
| CN204360381U (en) | mobile device | |
| CN107124279B (en) | Method and device for erasing terminal data | |
| CN108229144B (en) | Verification method of application program, terminal equipment and storage medium | |
| CN109639644B (en) | Authorization verification method and device, storage medium and electronic equipment | |
| CN108199847B (en) | Digital security processing method, computer device, and storage medium | |
| CN109302442B (en) | Data storage proving method and related equipment | |
| CN110287725B (en) | Equipment, authority control method thereof and computer readable storage medium | |
| CN106992978B (en) | Network security management method and server | |
| CN113194090B (en) | Authentication method, authentication device, terminal device and computer readable storage medium | |
| CN118984459A (en) | A system and method for tenant key backup and recovery based on mobile terminal | |
| CN105430022B (en) | A data input control method and terminal equipment | |
| CN112559979A (en) | Method for protecting software library authorized use on POS machine through hardware security chip | |
| JP2016515778A (en) | Application encryption processing method, apparatus and terminal | |
| CN106330877A (en) | A method and system for authorizing terminal state transitions | |
| CN102542698B (en) | Safety protective method of electric power mobile payment terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041 Patentee after: China Electronics Technology Network Security Technology Co.,Ltd. Address before: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041 Patentee before: CHENGDU WESTONE INFORMATION INDUSTRY Inc. |