CN108268767A - Web application authorization method and device - Google Patents

Web application authorization method and device Download PDF

Info

Publication number
CN108268767A
CN108268767A CN201611255895.9A CN201611255895A CN108268767A CN 108268767 A CN108268767 A CN 108268767A CN 201611255895 A CN201611255895 A CN 201611255895A CN 108268767 A CN108268767 A CN 108268767A
Authority
CN
China
Prior art keywords
web application
authorization
target web
digital signature
tampered
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611255895.9A
Other languages
Chinese (zh)
Inventor
郑继攀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Gridsum Technology Co Ltd
Original Assignee
Beijing Gridsum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Gridsum Technology Co Ltd filed Critical Beijing Gridsum Technology Co Ltd
Priority to CN201611255895.9A priority Critical patent/CN108268767A/en
Publication of CN108268767A publication Critical patent/CN108268767A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of web application authorization method and devices, and public key is stored in target web application, which is generated by rivest, shamir, adelman.When operational objective web application, authorization file is obtained, which includes the first digital signature and authorization message.Whether it is tampered using public key and the first digital signature authentication authorization file, when determining that authorization file is not tampered with, whether the operation information using authorization message verification target web application meets authorising conditional, if do not met, exits target web application.This method private key is digitally signed authorization file, and the public/private keys that rivest, shamir, adelman obtains have uniqueness, and therefore, digital signature can not possibly be tampered, so as to ensure to verify the uniqueness of standard whether authorization file is tampered.Therefore, the safety higher of the authorization function for the web application realized using this method.

Description

Web application authorization method and device
Technical field
The present invention relates to field of computer technology more particularly to web application authorization methods and device.
Background technology
Web application be it is a kind of can be by the application program of web access.For certain user to web application Confidentiality demand, such as the user of government part needs web application being deployed to the LAN environment of user (that is, specially Net, for example, railway system's private network, public security system private network etc.) in rather than be directly exposed on public network, so-called public network is opposite For private network, such as the network that the erection of each operator is society service.
Usually before formally web application is disposed for user, first user can be allowed to be tried out, this requires Web Application program is capable of providing the period on probation, and web application is avoided to be tried out by indefinite duration, and then web application is avoided to develop The loss of side, therefore, web application is needed to have stops the function of authorizing after end cycle on probation.
At present, web application empowerment management using symmetric cryptography mode, authority is encrypted, web application The authority is decrypted, then the authorization message in authority, judges web application whether also within the mandate phase, If it exceeds the phase of mandate then exits web application.The encryption key of symmetric cryptography mode is identical with decruption key, to Web application being capable of decryption and authorization file, it is necessary to Crypted password and web application be put together, usually using " dark The method of patch ", is put into a place for being not easy to be found, still, " hidden subsidy " mode stores Crypted password also by Crypted password It is relatively easily to be cracked, web application is caused to remain to use after more than licensing term, and then leads to Web application journeys The economic loss of sequence exploitation side.
Invention content
In view of the above problems, it is proposed that the present invention overcomes the above problem in order to provide one kind or solves at least partly Web application authorization method and device, the technical solution for stating problem are as follows:
In a first aspect, the application provides a kind of web application authorization method, applied to treating for operation web application It verifies in host, including:
When operational objective web application, the public key being stored in the target web application, the public affairs are obtained Key is generated according to rivest, shamir, adelman;
Obtain authorization file, the authorization file include the first digital signature and authorization message, described first Digital signature is signed to obtain using private key corresponding with the public key to the authorization message;
Whether it is tampered using authorization file described in the public key and first digital signature authentication;
After determining that the authorization file is not tampered with, verify that the target Web is applied according to the authorization message Whether the operation information of program matches with the authorization message;
When the operation information of the target web application is mismatched with the authorization message, the target Web is exited Application program.
Optionally, the authorization message includes the unique mark of the corresponding authorized host of the target web application And licensing term;
It is described whether to be tampered using authorization file described in the public key and first digital signature authentication, it wraps It includes:
First digital signature is decrypted to obtain the first cryptographic Hash using the public key;
Authorization message and corresponding second cryptographic Hash of the authorization message are obtained from the authorization file;
Compare first cryptographic Hash and whether second cryptographic Hash is identical;
If first cryptographic Hash is identical with second cryptographic Hash, it is determined that the authorization file is not usurped Change;
If first cryptographic Hash is different from second cryptographic Hash, it is determined that the authorization file is tampered.
Optionally, the authorization message includes the first unique mark and licensing term that are authorized to host;
It is described after the determining authorization file is not tampered with, the target Web is verified according to the authorization message Whether the operation information of application program matches with the authorization message, including:
Obtain the second unique mark of the host to be verified;
Judge whether second unique mark and first unique mark are identical;
If second unique mark is identical with first unique mark, judge whether current time awards described It weighs in the licensing term in license file;
When the current time is in the licensing term, determine the operation information of the target web application with The authorization message matching;
When second unique mark and first unique mark differ, alternatively, current time exceeds the mandate During the time limit, the operation information and the authorization message that determine the target web application mismatch.
Optionally, the method further includes:
The target web application is digitally signed, obtains the second digital signature;
When running the target web application, target Web application journeys described in second digital signature authentication are utilized Whether sequence is tampered;
When determining that the target web application is not tampered with, perform the acquisition and be stored in the target Web applications The step of public key in program.
Second aspect, the application provide a kind of web application authorization method, it is awarded applied to web application In the host for weighing management, the method includes:
Obtain the unique mark for being authorized to host and the licensing term for obtaining the target web application;
Public key and private key are generated, and the public key is stored to the target Web application journeys according to rivest, shamir, adelman In sequence;
It is signed using the private key to the unique mark and the licensing term, obtains the first number label Name;
Authorization file is generated, and will using first digital signature, the unique mark and the licensing term In the authorization file storage to the target web application;It is answered when the authorized host loads the target Web After program, whether be tampered using authorization file described in the public key and first digital signature authentication and, when When determining that the authorization file is not tampered with, awarded described in authorization file verification described in the authorized host computer Whether the operation information of the power host operation target web application meets the authorization message in the authorization file.
The third aspect, the application provide a kind of web application authorization device, applied to treating for operation web application It verifies in host, including:
First acquisition module, for when operational objective web application, acquisition to be stored in the target Web application journeys Public key in sequence, the public key are generated according to rivest, shamir, adelman;
Second acquisition module, for obtaining authorization file, the authorization file include the first digital signature and Authorization message, first digital signature are signed to obtain using private key corresponding with the public key to the authorization message;
First authentication module, for being using authorization file described in the public key and first digital signature authentication It is no to be tampered;
Second authentication module, for after the determining authorization file is not tampered with, being tested according to the authorization message Whether the operation information for demonstrate,proving the target web application matches with the authorization message;
Program exits module, is mismatched for working as the operation information of the target web application with the authorization message When, exit the target web application.
Optionally, the authorization message includes the unique mark of the corresponding authorized host of the target web application And licensing term;First authentication module includes:
Submodule is decrypted, for being decrypted to obtain the first cryptographic Hash to first digital signature using the public key;
Computational submodule, for obtaining authorization message and the authorization message corresponding the from the authorization file Two cryptographic Hash;
Whether comparison sub-module is identical for first cryptographic Hash and second cryptographic Hash;
First determination sub-module, for when first cryptographic Hash is identical with second cryptographic Hash, determining described award Power license file is not tampered with;
Second determination sub-module, for when first cryptographic Hash is with the second cryptographic Hash difference, determining described award Power license file is tampered.
Optionally, the authorization message includes the first unique mark and licensing term that are authorized to host;Described second tests Card module includes:
First acquisition submodule, for obtaining the second unique mark of the host to be verified;
First judging submodule, for judging whether second unique mark and first unique mark are identical;
Second judgment submodule, for when second unique mark is identical with first unique mark, judging to work as Whether the preceding time is in the licensing term in the authorization file;
Third determination sub-module, for when the current time is in the licensing term, determining that the target Web should It is matched with the operation information of program with the authorization message;
4th determination sub-module differs for working as second unique mark with first unique mark, alternatively, working as When the preceding time exceeds the licensing term, do not determine the operation information of the target web application and the authorization message not Match.
Optionally, described device further includes:
Digital Signature module for being digitally signed to the target web application, obtains the second digital signature;
Third authentication module, for when running the target web application, utilizing second digital signature authentication Whether the target web application is tampered;When determining that the target web application is not tampered with, control described the The acquisition of one acquisition module is stored in the public key in the target web application.
Fourth aspect, the application provide a kind of web application authorization device, are awarded applied to web application In the host for weighing management, described device includes:
First acquisition module, for obtaining the unique mark of authorized host;
Second acquisition module, for obtaining the licensing term of the target web application;
Key production module for generating public key and private key according to rivest, shamir, adelman, and the public key storage is arrived In the target web application;
Digital Signature module for being signed using the private key to the unique mark and the licensing term, is obtained To first digital signature;
Authorization file generating module, for utilizing first digital signature, the unique mark and the mandate Time limit generates authorization file, and will be in authorization file storage to the target web application;When authorized Host utilizes authorization text described in the public key and first digital signature authentication after loading the target web application Whether part is tampered, when determining that the authorization file is not tampered with, authorization described in the authorized host computer Whether the operation information for being authorized to the host operation target web application described in file verification meets the authorization text Authorization message in part.
By above-mentioned technical proposal, web application authorization method provided by the invention, in target web application Public key is stored with, which is generated by rivest, shamir, adelman.When operational objective web application, authorization text is obtained Part, the authorization file include the first digital signature and authorization message.Permitted using public key and the first digital signature authentication mandate Can file whether be tampered, when determining that authorization file is not tampered with, utilize authorization message verification target web application Operation information whether meet authorising conditional, if not meeting authorising conditional, exit the target web application.This method The private key generated using rivest, shamir, adelman is digitally signed authorization file, the public affairs that rivest, shamir, adelman obtains Key/private key has uniqueness, and therefore, digital signature can not possibly be tampered, so as to ensure to verify whether authorization file is usurped The uniqueness of the standard changed.Therefore, the safety higher of the authorization function for the web application realized using this method.
Above description is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can It is clearer and more comprehensible, below the special specific embodiment for lifting the present invention.
Description of the drawings
By reading the detailed description of hereafter preferred embodiment, it is various other the advantages of and benefit it is common for this field Technical staff will become clear.Attached drawing is only used for showing the purpose of preferred embodiment, and is not considered as to the present invention Limitation.And throughout the drawings, the same reference numbers will be used to refer to the same parts.In the accompanying drawings:
Fig. 1 shows a kind of flow chart of web application authorization method of the embodiment of the present invention;
Fig. 2 shows a kind of flow charts verified the authorization file and whether be tampered process of the embodiment of the present invention;
Fig. 3 show the embodiment of the present invention it is a kind of verification operation information whether the flow with the matched process of authorization message Figure;
Fig. 4 shows the flow chart of another kind web application authorization method of the embodiment of the present invention;
Fig. 5 shows the flow chart of another web application authorization method of the embodiment of the present invention;
Fig. 6 shows that the embodiment of the present invention obtains the flow chart of the first digital signature procedure;
Fig. 7 shows a kind of block diagram of web application authorization device of the embodiment of the present invention;
Fig. 8 shows a kind of block diagram of first authentication module of the embodiment of the present invention;
Fig. 9 shows a kind of block diagram of second authentication module of the embodiment of the present invention;
Figure 10 shows the block diagram of another kind web application authorization device of the embodiment of the present invention;
Figure 11 shows the block diagram of another kind web application authorization device of the embodiment of the present invention;
Figure 12 shows a kind of block diagram of Digital Signature module of the embodiment of the present invention.
Specific embodiment
The exemplary embodiment of the application is more fully described below with reference to accompanying drawings.Although the application is shown in attached drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the application without should be by embodiments set forth here It is limited.It is to be able to be best understood from the application, and can be by scope of the present application on the contrary, providing these embodiments Completely it is communicated to those skilled in the art.
Fig. 1 is referred to, shows a kind of flow chart of web application authorization method of the embodiment of the present invention, this method should For running in the host to be verified of web application, as shown in Figure 1, this includes:
S110, when host operational objective web application to be verified, acquisition is stored in target web application Public key.
Target web application refers to any one web application for needing to carry out empowerment management.
Host to be verified is the computer equipment of operational objective web application.
The public key is generated according to rivest, shamir, adelman, and is stored into target web application.
S120 obtains authorization file.
Authorization file and target web application are deployed to together in host to be verified.
The authorization file includes the first digital signature and authorization message, wherein, the first digital signature utilizes and public key Corresponding private key is signed to obtain to authorization message.
Authorization message includes the unique mark and licensing term that are authorized to host;Being authorized to the unique mark of host can wrap Include the unique of the computers such as CPU sequence numbers, MAC (Media Access Control, media access control) address of computer Information.
In a kind of possible realization method of the application, any one unique information of computer can be selected as unique Mark, can also using multiple unique informations of computer, the unique information used is more, distorts computer as unique mark The difficulty of unique mark is bigger.
Whether S130 is tampered using public key and the first digital signature authentication authorization file;If be not tampered with, Then perform S140;If be tampered with, S150 is performed.
After host to be verified obtains authorization file, tested first with the first digital signature in authorization file Whether card authorization file is tampered with.Using the information in the first digital signature as standard, judge in authorization file Whether authorization message is consistent with standard.
In a kind of possible realization method of the present invention, as shown in Fig. 2, S130 can include:
S131 is decrypted the first digital signature using public key to obtain the first cryptographic Hash.
First digital signature is corresponding to authorization message (unique mark and licensing term that are authorized to host) using private key What the cryptographic Hash of character string was encrypted.
Hash algorithm is another binary numeral that the binary numeral of random length is mapped as to shorter regular length, This short binary numeral is known as cryptographic Hash.Cryptographic Hash is the unique and extremely compact numerical value representation of one piece of data, right In a character string even only changing a character in the character string, subsequent Hash will all generate different cryptographic Hash.
First digital signature is decrypted to obtain the first cryptographic Hash for host computer public key to be verified.
S132 obtains authorization message from authorization file, and obtains corresponding second cryptographic Hash of the authorization message.
Host to be verified obtains authorization message from authorization file, then calculates the authorization message using hash algorithm Corresponding cryptographic Hash, i.e. the second cryptographic Hash, second cryptographic Hash are the corresponding cryptographic Hash of character string of authorization message.
S133, compares the first cryptographic Hash and whether the second cryptographic Hash is identical;If identical, S134 is performed;If not phase Together, S135 is performed.
S134 determines that authorization file is not tampered with.If two cryptographic Hash are consistent, show in authorization file Authorization message be not tampered with.
S135 determines that authorization file is tampered.If two cryptographic Hash are inconsistent, show in authorization file Authorization message be tampered with.
S140, according to authorization message verify the target web application operation information whether with the authorization message Matching;If it does not match, perform S150;If it does, then perform S160.
Authorization message generally includes to be authorized to the unique mark and licensing term of host, correspondingly, operation information includes treating Verify the unique mark and current time of host.
In a kind of possible realization method of the present invention, first judge whether host to be verified is authorization host, if by Authorization host is further determined whether in licensing term.As shown in figure 3, whether verification operation information matches with authorization message Process may comprise steps of:
S141 obtains the second unique mark of host to be verified.
S142 judges whether the second unique mark and the first unique mark in authorization file are identical;If identical, Then perform S143;If it is not the same, then perform S145;
S143 judges the licensing term whether current time is less than in authorization file;If it is less, it performs S144;If beyond licensing term, S145 is performed.
S144 determines that the operation information of target web application is matched with authorization message.
S145, the operation information and the authorization message for determining target web application mismatch.
It should be noted that in other possible realization methods of the present invention, target web application can be first judged Current time whether in licensing term, if in licensing term, further judge whether host to be verified is to be awarded Weigh host.The present invention does not limit the judgement sequence of authorization host and licensing term.
S150 exits target web application.
If it is determined that the operation information of host operational objective web application to be verified mismatches (i.e. not with authorization message Meet authorising conditional), then exit target web application.
S160 is verified, normal operation target web application.
If the operation information of host operational objective web application to be verified is matched with authorization message, it is determined that is met Authorising conditional, normal operation target web application.
Web application authorization method provided in this embodiment, public key is stored in target web application, the public affairs Key is generated by rivest, shamir, adelman.When operational objective web application, authorization file, authorization text are obtained Part includes the first digital signature and authorization message.Whether usurped using public key and the first digital signature authentication authorization file Change, if authorization file is not tampered with, whether the operation information using authorization message verification target web application meets Authorising conditional if not meeting authorising conditional, exits the target web application.This method utilizes rivest, shamir, adelman The private key of generation is digitally signed authorization file, and the public/private keys that rivest, shamir, adelman obtains have uniqueness, Therefore, digital signature can not possibly be tampered, so as to ensure to verify the uniqueness of standard whether authorization file is tampered.Cause This, the safety higher of the authorization function of web application realized using this method.
Fig. 4 is referred to, shows the flow chart of another kind web application authorization method of the embodiment of the present invention, this implementation In example, the public key that web application is concentrated in order to prevent is tampered, and is signed using strong naming technique to procedure set.Such as Fig. 4 It is shown, it is further included on the basis of this method embodiment shown in Fig. 1:
S210 is digitally signed target web application using strong naming technique, obtains the second digital signature.
Strong name be made of the mark of a procedure set and pass through public key and digital signature (being generated for the procedure set) plus Strong title.Wherein, the mark of procedure set includes plain text title, version number and regional information.Strong name provides reliable Integrity checking.
S220, when operational objective web application, using the second digital signature authentication target web application whether It is tampered;If the step of target web application is not tampered with, performs S110;If target web application is usurped Change, then perform S150.
When carrying out strong name signature, Hash operation is carried out to procedure set (not including DOS and PE) first, obtains text Then the hashed value of part is encrypted hashed value using private key, obtains ciphertext.Then by public key, public key mark and ciphertext three A information is stored in procedure set.When loading the procedure set, the procedure set is carried out first Hash operation obtain one it is new Then cryptographic Hash extracts public key from procedure set and ciphertext is decrypted to obtain original cryptographic Hash, if two cryptographic Hash are identical, i.e., Pass through verification.
Anyone will not generate the public/private keys pair identical with other people, therefore, the label carried out using private key to procedure set Name can not possibly be tampered, can be as the criterion of proving program collection.
It should be noted that public/private keys pair used in the second digital signature and public affairs during authority checking in strong name Key/private key is to differing.
Web application authorization method provided in this embodiment when loading target web application, first verifies that mesh Mark web application whether be tampered with, if be not tampered with, continue according to authorization file verification currently operation whether Meet authorising conditional.The public key in web application can be effectively prevent to be tampered using this method, so as to further improve The authorization function safety of web application.
Fig. 5 is referred to, shows the flow chart of another web application authorization method of the embodiment of the present invention, this method Applied in the host that empowerment management is carried out to web application, the host of empowerment management is the meter of web application exploitation side Calculate machine equipment.
As shown in figure 5, this method includes:
S310 obtains the unique mark of the authorized host of operational objective web application and obtains the target The licensing term of web application.
CPU sequence number of the unique mark including computer, MAC Address for being authorized to host etc. being capable of unique mark computer Information.
In a kind of possible realization method of the present invention, input in empowerment management host by staff licensing term with It is authorized to the unique mark of host.
S320 generates public key and private key, and should to the target Web by public key storage according to rivest, shamir, adelman With in program.
Public/private keys pair are generated, and public key is saved in target web application using rivest, shamir, adelman.It is public Key/private key is to uniqueness.
S330 signs to the unique mark and the licensing term using private key, obtains the first number label Name.
In a kind of possible realization method of the present invention, as shown in fig. 6, S330 may comprise steps of:
First corresponding to the unique mark and the character string of licensing term composition is calculated using hash algorithm by S331 Cryptographic Hash.
The unique mark for being authorized to host and the character string of licensing term composition are obtained, then, calculates character string correspondence Cryptographic Hash, referred to as the first cryptographic Hash.
S332 is encrypted the first cryptographic Hash using private key to obtain first digital signature.
The first cryptographic Hash is encrypted using the step S320 private keys generated, obtains the first digital signature.
S340 generates authorization file using first digital signature, the unique mark and the licensing term, It and will be in authorization file storage to target web application.
The authorized host computer public key and the first digital signature authentication authorization file whether be tampered and, When determining that the authorization file is not tampered with, the authorized host computer authorization file verification is authorized to host Whether the operation information of operational objective web application matches with the authorization message in authorization file.
Web application authorization method provided in this embodiment, according to the unique mark of authorized host, licensing term and Private key generates the digital signature of authorization file, utilizes the digital signature, the unique mark and licensing term of authorized host Generate authorization file.When host to be verified runs web application, it is using digital signature authentication authorization file It is no to be tampered, if be not tampered with, further verify that current operation Web should using the authorization message in authorization file Whether meet authorising conditional with program, the web application is automatically exited from if not meeting.This method utilizes asymmetric encryption The private key of algorithm generation is digitally signed authorization file, and the public/private keys that rivest, shamir, adelman obtains have only One property, therefore, digital signature can not possibly be tampered, so as to ensure to verify the unique of the standard that whether is tampered of authorization file Property.Therefore, the safety higher of the authorization function for the web application realized using this method.
Corresponding to above-mentioned web application authorization method embodiment, the present invention also provides web application mandate dresses Put embodiment.
Fig. 7 is referred to, shows a kind of block diagram of web application authorization device of the embodiment of the present invention, the device application In the host to be verified of operation web application, which includes:First acquisition module 110, the second acquisition module 120, One authentication module 130, the second authentication module 140 and program exit module 150.
First acquisition module 110, for when operational objective web application, acquisition to be stored in target web application In public key.
The public key is generated according to rivest, shamir, adelman.Public/private keys using rivest, shamir, adelman generation have only One property is impossible to obtain identical public/private keys using same rivest, shamir, adelman.
Second acquisition module 120, for obtaining authorization file.
The authorization file includes the first digital signature and authorization message, which utilizes corresponding with public key Private key authorization message is encrypted to obtain.
Authorization message includes the unique mark and licensing term that are authorized to host.
Unique mark can include the letter that CPU sequence numbers, MAC Address of computer etc. are capable of unique mark computer equipment Breath.
In a kind of possible realization method of the application, any one unique information of computer can be selected as unique Mark, can also using multiple unique informations of computer, the unique information used is more, distorts computer as unique mark The difficulty of unique mark is bigger.
First authentication module 130, for whether being usurped using public key and the first digital signature authentication authorization file Change.
After host to be verified obtains authorization file, tested first with the first digital signature in authorization file Whether card authorization file is tampered with.Using the information in the first digital signature as standard, judge in authorization file Whether authorization message is consistent with standard.
In a kind of possible realization method of the present invention, as shown in figure 8, the first authentication module 130 includes:Decrypt submodule 131st, computational submodule 132, comparison sub-module 133, the first determination sub-module 134 and the second determination sub-module 135.
Submodule 131 is decrypted, for the first digital signature to be decrypted using public key to obtain the first cryptographic Hash.
First digital signature is corresponding to authorization message (unique mark and licensing term that are authorized to host) using private key What the cryptographic Hash of character string was encrypted.Therefore, during verification, the first digital signature is decrypted using public key, is obtained Cryptographic Hash, referred to as the first cryptographic Hash.
Computational submodule 132 is breathed out for obtaining authorization message and authorization message corresponding second from authorization file Uncommon value.
Whether comparison sub-module 133 is identical for comparing the first cryptographic Hash and the second cryptographic Hash;
First determination sub-module 134, for when the first cryptographic Hash is identical with the second cryptographic Hash, determining authorization file It is not tampered with;
Second determination sub-module 135, for when the first cryptographic Hash is with the second cryptographic Hash difference, determining authorization file It is tampered.
Second authentication module 140, for after determining authorization file is not tampered with, target to be verified according to authorization message Whether the operation information of web application matches with authorization message.
The unique mark of the computer equipment of operation information including operational objective web application and, current time.
In a kind of possible realization method of the present invention, first judge whether host to be verified is authorization host, if by Authorization host is further determined whether in licensing term.As shown in figure 9, the second authentication module 140 can include:First obtains Submodule 141, the first judging submodule 142, second judgment submodule 143, third determination sub-module 144 and the 4th is taken to determine son Module 145.
First acquisition submodule 141, for obtaining the second unique mark of host to be verified.
First judging submodule 142, for judging whether the second unique mark is identical with the first unique mark.
Second judgment submodule 143, for when the second unique mark is identical with the first unique mark, judging current time Whether in licensing term;
Third determination sub-module 144, for when current time is in licensing term, determining target web application Operation information is matched with authorization message;
4th determination sub-module 145, for being differed when the second unique mark with the first unique mark, alternatively, when current Between when exceeding licensing term, determine that the operation information of target web application is mismatched with authorization message.
Program exits module 150, for when the operation information of target web application is mismatched with authorization message, moving back Go out target web application.
If it is determined that the operation information of host operational objective web application to be verified mismatches (i.e. not with authorization message Meet authorising conditional), then exit target web application.
If the operation information of host operational objective web application to be verified is matched with authorization message, it is determined that is met Authorising conditional, normal operation target web application.
Web application authorization device provided in this embodiment, public key is stored in target web application, the public affairs Key is generated by rivest, shamir, adelman.When operational objective web application, authorization text is obtained by the second acquisition module Part, the authorization file include the first digital signature and authorization message.First authentication module utilizes public key and the first number label Whether name verification authorization file is tampered, if authorization file is not tampered with, mandate is utilized by the second authentication module Whether the operation information of Information Authentication target web application meets authorising conditional, if not meeting authorising conditional, exits this Target web application.The device is digitally signed authorization file using the private key that rivest, shamir, adelman generates, The public/private keys that rivest, shamir, adelman obtains have uniqueness, and therefore, digital signature can not possibly be tampered, so as to ensure to test The uniqueness of standard whether card authorization file is tampered.Therefore, the mandate for the web application realized using the device The safety higher of licensing function.
Figure 10 is referred to, shows the block diagram of another kind web application authorization device of the embodiment of the present invention, which exists It is further included on the basis of embodiment illustrated in fig. 7:Digital Signature module 210 and third authentication module 220.
Digital Signature module 210 for being digitally signed to target web application, obtains the second digital signature;
Third authentication module 220, for when operational objective web application, utilizing the second digital signature signature verification Whether target web application is tampered;When determining that target web application is not tampered with, the first acquisition module of control obtains Take the public key being stored in the target web application.
Web application authorization device provided in this embodiment when loading target web application, first verifies that mesh Mark web application whether be tampered with, if be not tampered with, continue according to authorization file verification currently operation whether Meet authorising conditional.The public key in web application can be effectively prevent to be tampered using the device, so as to further improve The authorization function safety of web application.
Figure 11 is referred to, shows the block diagram of another kind web application authorization device of the embodiment of the present invention, which should For being carried out to web application in the host of empowerment management, the host of empowerment management is the calculating of web application exploitation side Machine equipment.
As shown in figure 11, described device includes:First acquisition module 310, the second acquisition module 320, key production module 330th, Digital Signature module 340 and authorization file generating module 350.
First acquisition module 310, for obtaining the unique mark of authorized host.
Second acquisition module 320, for obtaining the licensing term of target web application.
Key production module 330 for generating public key and private key according to rivest, shamir, adelman, and public key is stored to mesh It marks in web application.
Digital Signature module 340 for signing using private key to unique mark and licensing term, obtains the first number Signature.
As shown in figure 12, Digital Signature module 340, including:Computational submodule 341 and encryption submodule 342.
Computational submodule 341, for calculating corresponding first cryptographic Hash of character string of unique mark and licensing term composition.
Submodule 342 is encrypted, for the first cryptographic Hash to be encrypted using private key to obtain the first digital signature.
Authorization file generating module 350, for being awarded using the generation of the first digital signature, unique mark and licensing term License file is weighed, and will be in the storage to target web application of authorization file.
Be authorized to host computer public key and the first digital signature authentication authorization file whether be tampered and, when true When determining authorization file and being not tampered with, make to be authorized to host computer authorization file verification and be authorized to host operational objective Whether the operation information of web application meets the authorization message in authorization file.
Web application authorization device provided in this embodiment, according to the unique mark of authorized host, licensing term and Private key generates the digital signature of authorization file, utilizes the digital signature, the unique mark and licensing term of authorized host Generate authorization file.When host to be verified runs web application, it is using digital signature authentication authorization file It is no to be tampered, if be not tampered with, further verify that current operation Web should using the authorization message in authorization file Whether meet authorising conditional with program, the web application is automatically exited from if not meeting.This method utilizes asymmetric encryption The private key of algorithm generation is digitally signed authorization file, and the public/private keys that rivest, shamir, adelman obtains have only One property, therefore, digital signature can not possibly be tampered, so as to ensure to verify the unique of the standard that whether is tampered of authorization file Property.Therefore, the safety higher of the authorization function for the web application realized using this method.
The web application authorization device includes processor and memory, and above-mentioned first acquisition module 110, second are obtained Modulus block 120, the first authentication module 130, the second authentication module 140 and program exit module 150 etc. and are deposited as program unit Storage in memory, performs above procedure unit stored in memory to realize corresponding function by processor.
Comprising kernel in processor, gone in memory to transfer corresponding program unit by kernel.Kernel can set one Or more, the safety of web application mandate is improved by adjusting kernel parameter.
Memory may include computer-readable medium in volatile memory, random access memory (RAM) and/ Or the forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM), memory includes at least one deposit Store up chip.
Web application authorization device provided in this embodiment, public key is stored in target web application, the public affairs Key is generated by rivest, shamir, adelman.When operational objective web application, authorization text is obtained by the second acquisition module Part, the authorization file include the first digital signature and authorization message.First authentication module utilizes public key and the first number label Whether name verification authorization file is tampered, if authorization file is not tampered with, mandate is utilized by the second authentication module Whether the operation information of Information Authentication target web application meets authorising conditional, if not meeting authorising conditional, exits this Target web application.The device is digitally signed authorization file using the private key that rivest, shamir, adelman generates, The public/private keys that rivest, shamir, adelman obtains have uniqueness, and therefore, digital signature can not possibly be tampered, so as to ensure to test The uniqueness of standard whether card authorization file is tampered.Therefore, the mandate for the web application realized using the device The safety higher of licensing function.
Present invention also provides a kind of computer program products, first when being performed on data processing equipment, being adapted for carrying out The program code of beginningization there are as below methods step:
When operational objective web application, the public key being stored in the target web application, the public affairs are obtained Key is generated according to rivest, shamir, adelman;
Obtain authorization file, the authorization file include the first digital signature and authorization message, described first Digital signature is signed to obtain using private key corresponding with the public key to the authorization message;
Whether it is tampered using authorization file described in the public key and first digital signature authentication;
After determining that the authorization file is not tampered with, verify that the target Web is applied according to the authorization message Whether the operation information of program matches with the authorization message;
When the operation information of the target web application is mismatched with the authorization message, the target Web is exited Application program.
Present invention also provides another computer program product, when being performed on data processing equipment, being adapted for carrying out The program code of initialization there are as below methods step:
Obtain the unique mark for being authorized to host and the licensing term for obtaining the target web application;
Public key and private key are generated, and the public key is stored to the target Web application journeys according to rivest, shamir, adelman In sequence;
It is signed using the private key to the unique mark and the licensing term, obtains the first number label Name;
Authorization file is generated, and will using first digital signature, the unique mark and the licensing term The authorization file is deployed in the authorized host, so that public key described in the authorized host computer and described Authorization file described in one digital signature authentication whether be tampered and, when determining that the authorization file is not tampered with When, make to be authorized to the host operation target Web applications described in authorization file verification described in the authorized host computer Whether the operation information of program meets the authorization message in the authorization file.
It should be understood by those skilled in the art that, embodiments herein can be provided as method, system or computer program Product.Therefore, the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware can be used in the application Apply the form of example.Moreover, the computer for wherein including computer usable program code in one or more can be used in the application The computer program production that usable storage medium is implemented on (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) The form of product.
The application is with reference to the flow according to the method for the embodiment of the present application, equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that it can be realized by computer program instructions every first-class in flowchart and/or the block diagram The combination of flow and/or box in journey and/or box and flowchart and/or the block diagram.These computer programs can be provided The processor of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce A raw machine so that the instruction performed by computer or the processor of other programmable data processing devices is generated for real The device of function specified in present one flow of flow chart or one box of multiple flows and/or block diagram or multiple boxes.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that the instruction generation being stored in the computer-readable memory includes referring to Enable the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one box of block diagram or The function of being specified in multiple boxes.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted Series of operation steps are performed on calculation machine or other programmable devices to generate computer implemented processing, so as in computer or The instruction offer performed on other programmable devices is used to implement in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in a box or multiple boxes.
In a typical configuration, computing device includes one or more processors (CPU), input/output interface, net Network interface and memory.
Memory may include computer-readable medium in volatile memory, random access memory (RAM) and/ Or the forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable Jie The example of matter.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method Or technology come realize information store.Information can be computer-readable instruction, data structure, the module of program or other data. The example of the storage medium of computer includes, but are not limited to phase transition internal memory (PRAM), static RAM (SRAM), moves State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable Programmable read only memory (EEPROM), fast flash memory bank or other memory techniques, CD-ROM read-only memory (CD-ROM), Digital versatile disc (DVD) or other optical storages, magnetic tape cassette, the storage of tape magnetic rigid disk or other magnetic storage apparatus Or any other non-transmission medium, available for storing the information that can be accessed by a computing device.It defines, calculates according to herein Machine readable medium does not include temporary computer readable media (transitory media), such as data-signal and carrier wave of modulation.
It these are only embodiments herein, be not limited to the application.To those skilled in the art, The application can have various modifications and variations.All any modifications made within spirit herein and principle, equivalent replacement, Improve etc., it should be included within the scope of claims hereof.

Claims (10)

1. a kind of web application authorization method, applied in the host to be verified for running web application, which is characterized in that Including:
When operational objective web application, the public key being stored in the target web application, the public key root are obtained It is generated according to rivest, shamir, adelman;
Authorization file is obtained, the authorization file includes the first digital signature and authorization message, first number Signature is signed to obtain using private key corresponding with the public key to the authorization message;
Whether it is tampered using authorization file described in the public key and first digital signature authentication;
After determining that the authorization file is not tampered with, the target web application is verified according to the authorization message Operation information whether matched with the authorization message;
When the operation information of the target web application is mismatched with the authorization message, the target Web applications are exited Program.
2. according to the method described in claim 1, it is characterized in that, the authorization message includes the target web application The unique mark and licensing term of corresponding authorized host;
It is described whether to be tampered using authorization file described in the public key and first digital signature authentication, including:
First digital signature is decrypted to obtain the first cryptographic Hash using the public key;
Authorization message and corresponding second cryptographic Hash of the authorization message are obtained from the authorization file;
Compare first cryptographic Hash and whether second cryptographic Hash is identical;
If first cryptographic Hash is identical with second cryptographic Hash, it is determined that the authorization file is not tampered with;
If first cryptographic Hash is different from second cryptographic Hash, it is determined that the authorization file is tampered.
3. according to the method described in claim 1, it is characterized in that, the authorization message first including authorized host is unique Mark and licensing term;
It is described after the determining authorization file is not tampered with, verify that the target Web is applied according to the authorization message Whether the operation information of program matches with the authorization message, including:
Obtain the second unique mark of the host to be verified;
Judge whether second unique mark and first unique mark are identical;
If second unique mark is identical with first unique mark, judge whether current time is permitted in the mandate In licensing term that can be in file;
When the current time is in the licensing term, determine the operation information of the target web application with it is described Authorization message matches;
When second unique mark and first unique mark differ, alternatively, current time exceeds the licensing term When, the operation information and the authorization message that determine the target web application mismatch.
4. according to the method described in claim 1, it is characterized in that, the method further includes:
The target web application is digitally signed, obtains the second digital signature;
When running the target web application, it is using target web application described in second digital signature authentication It is no to be tampered;
When determining that the target web application is not tampered with, perform the acquisition and be stored in the target web application In public key the step of.
5. a kind of web application authorization method, which is characterized in that applied to the master that empowerment management is carried out to web application In machine, the method includes:
Obtain the unique mark for being authorized to host and the licensing term for obtaining the target web application;
Public key and private key are generated, and will be in public key storage to the target web application according to rivest, shamir, adelman;
It is signed using the private key to the unique mark and the licensing term, obtains first digital signature;
Authorization file is generated, and by described in using first digital signature, the unique mark and the licensing term In the storage to the target web application of authorization file;When the authorized host loads the target Web application journeys After sequence, whether be tampered using authorization file described in the public key and first digital signature authentication and, when determine When the authorization file is not tampered with, it is authorized to master described in authorization file verification described in the authorized host computer Whether the operation information of the machine operation target web application meets the authorization message in the authorization file.
6. a kind of web application authorization device, applied in the host to be verified for running web application, which is characterized in that Including:
First acquisition module, for when operational objective web application, acquisition to be stored in the target web application Public key, the public key generates according to rivest, shamir, adelman;
Second acquisition module, for obtaining authorization file, the authorization file includes the first digital signature and mandate Information, first digital signature are signed to obtain using private key corresponding with the public key to the authorization message;
First authentication module, for using authorization file described in the public key and first digital signature authentication whether by It distorts;
Second authentication module, for after the determining authorization file is not tampered with, institute to be verified according to the authorization message Whether the operation information for stating target web application matches with the authorization message;
Program exits module, for when the operation information of the target web application is mismatched with the authorization message, moving back Go out the target web application.
7. device according to claim 6, which is characterized in that the authorization message includes the target web application The unique mark and licensing term of corresponding authorized host;First authentication module includes:
Submodule is decrypted, for being decrypted to obtain the first cryptographic Hash to first digital signature using the public key;
Computational submodule is breathed out for obtaining authorization message and the authorization message corresponding second from the authorization file Uncommon value;
Whether comparison sub-module is identical for first cryptographic Hash and second cryptographic Hash;
First determination sub-module, for when first cryptographic Hash is identical with second cryptographic Hash, determining that the mandate is permitted Can file be not tampered with;
Second determination sub-module, for when first cryptographic Hash is with the second cryptographic Hash difference, determining that the mandate is permitted Can file be tampered.
8. device according to claim 6, which is characterized in that the authorization message first including authorized host is unique Mark and licensing term;Second authentication module includes:
First acquisition submodule, for obtaining the second unique mark of the host to be verified;
First judging submodule, for judging whether second unique mark and first unique mark are identical;
Second judgment submodule, for when second unique mark is identical with first unique mark, when judging current Between whether in the licensing term in the authorization file;
Third determination sub-module, for when the current time is in the licensing term, determining the target Web application journeys The operation information of sequence is matched with the authorization message;
4th determination sub-module differs for working as second unique mark with first unique mark, alternatively, when current Between when exceeding the licensing term, determine that the operation information of the target web application is mismatched with the authorization message.
9. device according to claim 6, which is characterized in that described device further includes:
Digital Signature module for being digitally signed to the target web application, obtains the second digital signature;
Third authentication module, for when running the target web application, using described in second digital signature authentication Whether target web application is tampered;When determining that the target web application is not tampered with, control described first obtains The acquisition of modulus block is stored in the public key in the target web application.
10. a kind of web application authorization device, which is characterized in that applied to the master that empowerment management is carried out to web application In machine, described device includes:
First acquisition module, for obtaining the unique mark of authorized host;
Second acquisition module, for obtaining the licensing term of the target web application;
Key production module for generating public key and private key according to rivest, shamir, adelman, and the public key is stored to described In target web application;
Digital Signature module for signing using the private key to the unique mark and the licensing term, obtains institute State the first digital signature;
Authorization file generating module, for utilizing first digital signature, the unique mark and the licensing term Authorization file is generated, and will be in authorization file storage to the target web application;When authorized host Load after the target web application is using authorization file described in the public key and first digital signature authentication It is no to be tampered, when determining that the authorization file is not tampered with, authorization file described in the authorized host computer Verify whether the operation information that the authorized host runs the target web application meets in the authorization file Authorization message.
CN201611255895.9A 2016-12-30 2016-12-30 Web application authorization method and device Pending CN108268767A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611255895.9A CN108268767A (en) 2016-12-30 2016-12-30 Web application authorization method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611255895.9A CN108268767A (en) 2016-12-30 2016-12-30 Web application authorization method and device

Publications (1)

Publication Number Publication Date
CN108268767A true CN108268767A (en) 2018-07-10

Family

ID=62754277

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611255895.9A Pending CN108268767A (en) 2016-12-30 2016-12-30 Web application authorization method and device

Country Status (1)

Country Link
CN (1) CN108268767A (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109815745A (en) * 2019-01-11 2019-05-28 珠海金山网络游戏科技有限公司 A kind of application program authorization method based on image signatures
CN110557401A (en) * 2019-09-17 2019-12-10 百度在线网络技术(北京)有限公司 brand transaction processing method, device, equipment and medium based on block chain
CN111106939A (en) * 2019-11-14 2020-05-05 杉数科技(北京)有限公司 Software authorization method, method and device for acquiring software permission
CN111611552A (en) * 2020-05-21 2020-09-01 浩云科技股份有限公司 License authorization method and device based on combination of software and hardware
CN112035887A (en) * 2020-09-01 2020-12-04 武汉虹旭信息技术有限责任公司 Certificate authorization method and device, electronic equipment and storage medium
CN112380501A (en) * 2021-01-19 2021-02-19 北京信安世纪科技股份有限公司 Equipment operation method, device, equipment and storage medium
CN112733090A (en) * 2020-12-31 2021-04-30 航天信息股份有限公司 Method and device for manufacturing and verifying software authorization certificate
CN113051036A (en) * 2021-03-31 2021-06-29 京东方科技集团股份有限公司 Application program licensing method, device, equipment and medium based on Docker container
CN113094708A (en) * 2021-04-12 2021-07-09 北京明朝万达科技股份有限公司 Electronic file processing method and device, storage medium and processor
CN113268742A (en) * 2021-04-07 2021-08-17 支付宝(杭州)信息技术有限公司 Data authorization method and device and electronic equipment
WO2021218331A1 (en) * 2020-04-28 2021-11-04 深圳壹账通智能科技有限公司 Offline software licensing method, apparatus and device, and storage medium
CN113626770A (en) * 2021-08-04 2021-11-09 北京锐安科技有限公司 Authorization control method, device, equipment and storage medium for application program
CN113742660A (en) * 2021-08-11 2021-12-03 阿里巴巴新加坡控股有限公司 Application program permission management system and method
CN114896621A (en) * 2022-07-15 2022-08-12 深圳竹云科技股份有限公司 Application service acquisition method, encryption method, device and computer equipment

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009061171A2 (en) * 2007-11-09 2009-05-14 Mimos Berhad Secure software licensing control mechanism
CN101739525A (en) * 2009-11-30 2010-06-16 北京飞天诚信科技有限公司 Safety check method, compilation device, .NET card and system
CN102314572A (en) * 2011-10-14 2012-01-11 迈普通信技术股份有限公司 Registration information file generation method and device, and use authorization method of application software
CN102509034A (en) * 2011-09-30 2012-06-20 广东电子工业研究院有限公司 Software license control device and method
CN103312513A (en) * 2013-06-19 2013-09-18 北京华胜天成科技股份有限公司 Method and system for verifying use authorization in distributed environment
CN103347090A (en) * 2013-07-17 2013-10-09 成都盈锐科技有限公司 Software license management system based on enterprise network
CN103491097A (en) * 2013-09-30 2014-01-01 华中师范大学 Software authorization system based on public key cryptosystem
CN104700002A (en) * 2013-12-05 2015-06-10 航天信息软件技术有限公司 Software protecting, authorizing and registering method
CN105656889A (en) * 2015-12-30 2016-06-08 东软集团股份有限公司 WebApp issuing method, server and client
CN106096381A (en) * 2016-06-06 2016-11-09 北京壹人壹本信息科技有限公司 The method and system of application file checking

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009061171A2 (en) * 2007-11-09 2009-05-14 Mimos Berhad Secure software licensing control mechanism
CN101739525A (en) * 2009-11-30 2010-06-16 北京飞天诚信科技有限公司 Safety check method, compilation device, .NET card and system
CN102509034A (en) * 2011-09-30 2012-06-20 广东电子工业研究院有限公司 Software license control device and method
CN102314572A (en) * 2011-10-14 2012-01-11 迈普通信技术股份有限公司 Registration information file generation method and device, and use authorization method of application software
CN103312513A (en) * 2013-06-19 2013-09-18 北京华胜天成科技股份有限公司 Method and system for verifying use authorization in distributed environment
CN103347090A (en) * 2013-07-17 2013-10-09 成都盈锐科技有限公司 Software license management system based on enterprise network
CN103491097A (en) * 2013-09-30 2014-01-01 华中师范大学 Software authorization system based on public key cryptosystem
CN104700002A (en) * 2013-12-05 2015-06-10 航天信息软件技术有限公司 Software protecting, authorizing and registering method
CN105656889A (en) * 2015-12-30 2016-06-08 东软集团股份有限公司 WebApp issuing method, server and client
CN106096381A (en) * 2016-06-06 2016-11-09 北京壹人壹本信息科技有限公司 The method and system of application file checking

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109815745B (en) * 2019-01-11 2023-02-17 珠海金山数字网络科技有限公司 Application program authorization method based on image signature
CN109815745A (en) * 2019-01-11 2019-05-28 珠海金山网络游戏科技有限公司 A kind of application program authorization method based on image signatures
CN110557401A (en) * 2019-09-17 2019-12-10 百度在线网络技术(北京)有限公司 brand transaction processing method, device, equipment and medium based on block chain
CN111106939A (en) * 2019-11-14 2020-05-05 杉数科技(北京)有限公司 Software authorization method, method and device for acquiring software permission
WO2021218331A1 (en) * 2020-04-28 2021-11-04 深圳壹账通智能科技有限公司 Offline software licensing method, apparatus and device, and storage medium
CN111611552A (en) * 2020-05-21 2020-09-01 浩云科技股份有限公司 License authorization method and device based on combination of software and hardware
CN111611552B (en) * 2020-05-21 2023-04-07 浩云科技股份有限公司 License authorization method and device based on combination of software and hardware
CN112035887A (en) * 2020-09-01 2020-12-04 武汉虹旭信息技术有限责任公司 Certificate authorization method and device, electronic equipment and storage medium
CN112035887B (en) * 2020-09-01 2023-10-27 武汉虹旭信息技术有限责任公司 Certificate authorization method and device, electronic equipment and storage medium
CN112733090A (en) * 2020-12-31 2021-04-30 航天信息股份有限公司 Method and device for manufacturing and verifying software authorization certificate
CN112380501A (en) * 2021-01-19 2021-02-19 北京信安世纪科技股份有限公司 Equipment operation method, device, equipment and storage medium
CN113051036A (en) * 2021-03-31 2021-06-29 京东方科技集团股份有限公司 Application program licensing method, device, equipment and medium based on Docker container
CN113268742A (en) * 2021-04-07 2021-08-17 支付宝(杭州)信息技术有限公司 Data authorization method and device and electronic equipment
CN113094708A (en) * 2021-04-12 2021-07-09 北京明朝万达科技股份有限公司 Electronic file processing method and device, storage medium and processor
CN113626770A (en) * 2021-08-04 2021-11-09 北京锐安科技有限公司 Authorization control method, device, equipment and storage medium for application program
CN113742660A (en) * 2021-08-11 2021-12-03 阿里巴巴新加坡控股有限公司 Application program permission management system and method
CN113742660B (en) * 2021-08-11 2023-07-25 阿里巴巴新加坡控股有限公司 Application program license management system and method
CN114896621B (en) * 2022-07-15 2022-10-14 深圳竹云科技股份有限公司 Application service acquisition method, encryption method, device and computer equipment
CN114896621A (en) * 2022-07-15 2022-08-12 深圳竹云科技股份有限公司 Application service acquisition method, encryption method, device and computer equipment

Similar Documents

Publication Publication Date Title
CN108268767A (en) Web application authorization method and device
CN110011956B (en) Data processing method and device
KR100670005B1 (en) Apparatus for verifying memory integrity remotely for mobile platform and system thereof and method for verifying integrity
CN107770159B (en) Vehicle accident data recording method and related device and readable storage medium
CN107409002A (en) Method and apparatus of the repeatable encryption key of general certainty to expression are provided for all SKU, canister and article
EP3590223A1 (en) Integrated method and device for storing and sharing data
AU2019419934A1 (en) Methods and systems for preparing and performing an object authentication
CN106416124A (en) Semi-deterministic digital signature generation
CN110710155A (en) Progressive key encryption algorithm
US20220070006A1 (en) Methods, devices and system for the security-protected provision of sets of data
CN102663591A (en) Product anti-counterfeiting method and system based on electronic tag
CN103559454B (en) Data protection system and method
CN106161470B (en) A kind of authorization method, client, server and system
US20220337392A1 (en) Automatic digital media authenticator
CN107743065A (en) Battery uses verification method, battery system and automobile
CN116582266B (en) Electronic signature method, electronic signature system, and readable storage medium
CN107995148A (en) The anti-tamper method of file, system, terminal and credible cloud platform
CN112699353A (en) Financial information transmission method and financial information transmission system
CN102270285B (en) Key authorization information management method and device
CN107852328B (en) Enhanced obfuscation or randomization for secure product identification and verification
CN109978543B (en) Contract signing method and device, electronic equipment and storage medium
CN108540447A (en) A kind of certification authentication method and system based on block chain
CN107391974A (en) A kind of backup method and device of software protecting equipment data
CN107026729B (en) Method and device for transmitting software
Islam et al. Remote configuration of integrated circuit features and firmware management via smart contract

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 100080 No. 401, 4th Floor, Haitai Building, 229 North Fourth Ring Road, Haidian District, Beijing

Applicant after: BEIJING GRIDSUM TECHNOLOGY Co.,Ltd.

Address before: 100086 Cuigong Hotel, 76 Zhichun Road, Shuangyushu District, Haidian District, Beijing

Applicant before: BEIJING GRIDSUM TECHNOLOGY Co.,Ltd.

RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20180710