CN111708991A - Service authorization method, service authorization device, computer equipment and storage medium - Google Patents


Info

Publication number
CN111708991A
Authority
CN
China
Prior art keywords
authorization
hardware information
information
authorization certificate
certificate
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010554053.3A
Other languages
Chinese (zh)
Inventor
孙祥学
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/121: Restricting unauthorised execution of programs

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application relates to a service authorization method, a service authorization device, a computer device and a storage medium. The method comprises the following steps: acquiring first hardware information of a computer device and generating an authorization request comprising the first hardware information; sending the authorization request to an authorization server, where the authorization server, in response to the authorization request, acquires a private key, signs the first hardware information with the private key to obtain signature information, generates an authorization certificate based on the signature information and the first hardware information, and returns the authorization certificate to the computer device; receiving the authorization certificate returned by the authorization server, and parsing the authorization certificate to obtain second hardware information and a public key corresponding to the private key; verifying the validity of the authorization certificate with the public key; and, when the verification passes, matching the second hardware information against the first hardware information and, when the two are consistent, using the authorization certificate to obtain the service. The method can improve the security of service authorization.

Description

Service authorization method, service authorization device, computer equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a service authorization method and apparatus, a computer device, and a storage medium.
Background
Before a computer device obtains a service, a server can authorize the service and issue an authorization certificate to the computer device; once the computer device has the authorization certificate, it can obtain the service. In the traditional service authorization method, the server usually encrypts the authorization certificate, and may encrypt it multiple times; the computer device decrypts the authorization certificate after acquiring the encrypted authorization certificate.
However, this method for authorizing services has a problem of low security.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a service authorization method, apparatus, computer device and storage medium capable of improving security.
A method of authorization of a service, the method comprising:
acquiring first hardware information of a computer device and generating an authorization request comprising the first hardware information;
sending the authorization request to an authorization server; the authorization server responds to the authorization request, acquires a private key, signs the first hardware information by adopting the private key to obtain signature information, generates an authorization certificate based on the signature information and the first hardware information, and returns the authorization certificate to the computer equipment;
receiving the authorization certificate returned by the authorization server, and analyzing the authorization certificate to obtain second hardware information and a public key corresponding to the private key;
verifying the legality of the authorization certificate by adopting the public key;
and matching the second hardware information with the first hardware information when the validity of the authorization certificate passes the verification, and acquiring service by using the authorization certificate when the second hardware information is consistent with the first hardware information.
In one embodiment, after encrypting the timing information and the application time to obtain a ciphertext, the method further includes:
writing the ciphertext into a hidden file;
when the second hardware information is consistent with the first hardware information, acquiring the ciphertext, including:
and when the second hardware information is consistent with the first hardware information, acquiring the ciphertext from the hidden file.
In one embodiment, the obtaining first hardware information of a computer device and generating an authorization request including the first hardware information includes:
acquiring first hardware information of computer equipment and corresponding application time, and generating an authorization request comprising the first hardware information and the application time; the authorization server responds to the application time in the authorization request, and generates an effective period; the valid period is also included in the authorization certificate;
when the second hardware information is consistent with the first hardware information, adopting the authorization certificate to obtain service, including:
when the second hardware information is consistent with the first hardware information, acquiring a current first moment;
and matching the first time with the valid period in the authorization certificate, and acquiring service by using the authorization certificate when the first time is within the valid period.
An apparatus for authorizing a service, the apparatus comprising:
the computer equipment comprises an authorization request generation module, a first hardware information acquisition module and a second hardware information acquisition module, wherein the authorization request generation module is used for acquiring first hardware information of the computer equipment and generating an authorization request comprising the first hardware information;
the sending module is used for sending the authorization request to an authorization server; the authorization server responds to the authorization request, acquires a private key, signs the first hardware information by adopting the private key to obtain signature information, generates an authorization certificate based on the signature information and the first hardware information, and returns the authorization certificate to the computer equipment;
the analysis module is used for receiving the authorization certificate returned by the authorization server and analyzing the authorization certificate to obtain second hardware information and a public key corresponding to the private key;
the verification module is used for verifying the legality of the authorization certificate by adopting the public key;
and the service acquisition module is used for matching the second hardware information with the first hardware information when the validity check of the authorization certificate is passed, and acquiring service by using the authorization certificate when the second hardware information is consistent with the first hardware information.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the method described above when executing the computer program.
A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.
After the computer device sends the authorization request to the authorization server, it receives the returned authorization certificate and verifies the validity of the authorization certificate. When the validity check passes, the computer device can trust the information in the authorization certificate; it then matches the second hardware information against the first hardware information, and when the two are consistent, the computer device that applied for service authorization is the same as the computer device currently running, so the computer device can use the authorization certificate to obtain the service. Because the authorization certificate is bound to the hardware information of the computer device, the economic loss to the authorization organization and the confusion of information caused by multiple computer devices using the same authorization certificate to obtain services can be avoided, which improves the security of service authorization.
Drawings
FIG. 1 is a diagram of an application environment of a method for authorization of a service in one embodiment;
FIG. 2 is a flow diagram of an authorization method for a service in one embodiment;
FIG. 3 is a diagram of an authorization certificate in one embodiment;
FIG. 4 is a flowchart illustrating the step of checking whether the current first time is due for expiration in one embodiment;
FIG. 5 is a flow diagram of a method for authorization of a service in another embodiment;
FIG. 6 is a block diagram of the structure of an authorization device serving in one embodiment;
FIG. 7 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The service authorization method provided by the application can be applied to the application environment shown in fig. 1. Wherein the computer device 102 communicates with the authorization server 104. The computer device 102 acquires first hardware information of itself and generates an authorization request including the first hardware information; sending an authorization request to authorization server 104; the authorization server 104, in response to the authorization request, acquires a private key, signs the first hardware information with the private key to obtain signature information, generates an authorization certificate based on the signature information and the first hardware information, and returns the authorization certificate to the computer device 102; the computer device 102 receives the authorization certificate returned by the authorization server 104, and analyzes the authorization certificate to obtain second hardware information and a public key corresponding to the private key; verifying the legality of the authorization certificate by adopting a public key; and when the validity of the authorization certificate passes the verification, matching the second hardware information with the first hardware information, and when the second hardware information is consistent with the first hardware information, acquiring service by using the authorization certificate.
The computer device 102 may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, and the like.
The authorization server 104 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, a middleware service, a domain name service, a security service, a CDN, a big data and artificial intelligence platform, and the like. Computer device 102 and authorization server 104 may be connected directly or indirectly through wired or wireless communication, and the application is not limited thereto.
The authorization server in the present application may use Cloud technology (Cloud technology) to process, where Cloud technology refers to a hosting technology that unifies series of resources such as hardware, software, and network in a wide area network or a local area network to implement calculation, storage, processing, and sharing of data.
Cloud technology is a general term for the network technology, information technology, integration technology, management platform technology, application technology and the like applied under the cloud computing business model; it can form a resource pool that is used on demand, which is flexible and convenient. Cloud computing technology will become an important support. The background services of technical network systems, such as video websites, picture websites and many web portals, require large amounts of computing and storage resources. With the rapid development and application of the internet industry, each item may come to have its own identification mark that needs to be transmitted to a background system for logical processing; data at different levels are processed separately, and all kinds of industry data need strong background system support, which can only be realized through cloud computing.
Further, the authorization server in the present application may also use cloud security (Cloud Security) for processing. Cloud security is a general term for the security software, hardware, users, organizations and secure cloud platforms applied under the cloud computing business model. Cloud security combines emerging technologies and concepts such as parallel processing, grid computing and judgment of unknown virus behavior: a large number of networked clients monitor software behavior in the network for anomalies, obtain the latest information on trojans and malicious programs on the internet, and send it to the server for automatic analysis and processing; the virus and trojan solutions are then distributed to every client.
The main research directions of cloud security include: 1. cloud computing security, which mainly studies how to guarantee the security of the cloud itself and of the various applications on it, including the security of cloud computer systems, the secure storage and isolation of user data, user access authentication, information transmission security, network attack protection, compliance audit and the like; 2. cloudification of security infrastructure, which mainly studies how to use cloud computing to build and integrate security infrastructure resources and optimize security protection mechanisms, including building ultra-large-scale platforms for collecting and processing security events and information through cloud computing technology, collecting and correlating massive amounts of information, and improving network-wide security event handling and risk control capabilities; 3. cloud security services, which mainly studies the various security services, such as anti-virus services, provided to users on the basis of a cloud computing platform.
In one embodiment, as shown in fig. 2, a method for authorizing a service is provided, which is described by taking the method as an example applied to the computer device in fig. 1, and comprises the following steps:
Step 202, obtaining first hardware information of the computer device, and generating an authorization request including the first hardware information.
The first hardware information refers to information that can uniquely identify a computer device, and may include at least one of a CPU (central processing unit) serial number, a motherboard serial number, a disk serial number, a MAC (Media Access Control) address, a memory module serial number, an intranet IP (Internet Protocol) address (virtual machine scenario), and the like. The MAC address is also called a local area network address (LAN Address), an Ethernet address (Ethernet Address) or a physical address (Physical Address), and is an address used to identify the location of a network device.
The authorization request includes the first hardware information, and may further include a user identifier registered in the computer device, the current time when the authorization request is generated, the manufacturer of the computer device, the brand of the computer device, the model of the computer device, and the like.
Specifically, the computer device calls the get_server_info tool to acquire its first hardware information, and generates an authorization request including the first hardware information.
Step 204, sending the authorization request to an authorization server; the authorization server responds to the authorization request, acquires the private key, signs the first hardware information by adopting the private key to obtain signature information, generates an authorization certificate based on the signature information and the first hardware information, and returns the authorization certificate to the computer equipment.
An authorization server refers to a server that authorizes a service. The authorization server is typically a server located at the authorization certificate issuing authority.
In one embodiment, the computer device may send the authorization request to the authorization server over a network. In another embodiment, the computer device may copy the authorization request to removable storage and transfer the authorization request to the authorization server via the removable storage. The removable storage may be a USB flash drive, a portable hard disk, or the like.
The private key corresponds to the public key; generally, the private key is not disclosed, while the public key can be disclosed. That is, the private key is stored in the authorization server, while the public key may be obtained by one or more computer devices.
The authorization server receives the authorization request and, in response, generates a public key and a private key using the RSA algorithm. The RSA encryption algorithm is an asymmetric encryption algorithm.
The authorization server runs the auth_conference tool, which encrypts the first hardware information with the private key (that is, signs it) to obtain signature information, and generates an authorization certificate based on the signature information and the first hardware information. The authorization certificate includes the first hardware information and the signature information, and may further include at least one of a public key corresponding to the private key, an identifier of the authorization server, the time when the authorization certificate was generated, the validity period of the authorization certificate, and the like.
In one embodiment, the authorization server may concatenate the signature information and the first hardware information to obtain the authorization certificate. In another embodiment, the authorization server may also encode the signature information and the first hardware information to obtain the authorization certificate. The manner in which the authorization server generates the authorization certificate is not limited.
Step 206, receiving the authorization certificate returned by the authorization server, and parsing the authorization certificate to obtain the second hardware information and the public key corresponding to the private key.
The second hardware information refers to the information identifying the computer device in the authorization certificate, and may include at least one of a CPU (central processing unit) serial number, a motherboard serial number, a disk serial number, a MAC (Media Access Control) address, a memory module serial number, an intranet IP (Internet Protocol) address (virtual machine scenario), and the like.
It is understood that the second hardware information may or may not be identical to the first hardware information. When the second hardware information is consistent with the first hardware information, the computer device that applied for service authorization is the same as the computer device that currently received the authorization certificate. When they are inconsistent, the computer device that applied for service authorization is different from the computer device that currently received the authorization certificate, and the authorization certificate applied for by the former may have been tampered with and then sent to another computer device.
The computer device receives the authorization certificate returned by the authorization server and parses it to obtain the second hardware information and the public key corresponding to the private key. After parsing the authorization certificate, the computer device can also obtain at least one of the identifier of the authorization server, the time when the authorization certificate was generated, the validity period of the authorization certificate, and the like.
In one embodiment, as shown in fig. 3, the authorization certificate includes information such as validity period, user, public key, fingerprint algorithm and fingerprint, and each item consists of a field and a value. For example, the validity period is from 2018/9/29 9:26:36 to 2018/10/29 9:26:36; the user is NM179S008851, btla80., where the user's value includes the second hardware information; the public key is RSA (2048 Bits); the fingerprint algorithm is sha1; and the fingerprint is 41f6 b573d 528.
Step 208, verifying the validity of the authorization certificate by using the public key.
It can be understood that, after the computer device receives the authorization certificate, the validity of the authorization certificate needs to be checked for the security of the computer device, so as to ensure the accuracy and security of the information in the authorization certificate.
The computer device uses the public key to check the validity of the authorization certificate, that is, to check whether the authorization certificate was generated by the authorization server and whether it was issued by the authorization certificate issuing authority where the authorization server is located.
Step 210, when the validity of the authorization certificate passes the verification, matching the second hardware information with the first hardware information, and when the second hardware information is consistent with the first hardware information, acquiring service by using the authorization certificate.
When the validity check of the authorization certificate passes, it indicates that the authorization certificate was generated by the authorization server and issued by the authorization certificate issuing authority where the authorization server is located, so the computer device can trust the information in the authorization certificate.
When the validity check of the authorization certificate fails, it indicates that the authorization certificate was not generated by the authorization server, or was not issued by the authorization certificate issuing authority where the authorization server is located, so the information in the authorization certificate is not trusted, and the computer device may delete the authorization certificate or leave it unprocessed.
In the traditional service authorization method, a user can send an authorization certificate to other computer devices for use, so the problem of one certificate being put to multiple uses exists.
When the validity of the authorization certificate passes the verification, the computer device matches the second hardware information with the first hardware information. When the second hardware information is consistent with the first hardware information, the second hardware information in the authorization certificate is trustworthy, and the computer device that applied for service authorization is the same as the computer device currently running, so the authorization certificate can be used to obtain the service. The obtained service can be intelligent cataloging, intelligent auditing and the like.
When the second hardware information is inconsistent with the first hardware information, the computer device that applied for service authorization is not the computer device currently running, and the authorization certificate may be a case of one certificate being put to multiple uses, so the computer device stops using the authorization certificate to obtain the service.
In the service authorization method, after the computer device sends the authorization request to the authorization server, it receives the returned authorization certificate and verifies the validity of the authorization certificate. When the validity check passes, the computer device can trust the information in the authorization certificate; it then matches the second hardware information against the first hardware information, and when the two are consistent, the computer device that applied for service authorization is the same as the computer device currently running, so the computer device can use the authorization certificate to obtain the service. Because the authorization certificate is bound to the hardware information of the computer device, the economic loss to the authorization organization and the confusion of information caused by multiple computer devices using the same authorization certificate to obtain services can be avoided, which improves the security of service authorization.
The service authorization method also uses the Certificate Authority (CA) authentication system of Public Key Infrastructure (PKI) technology; it can effectively bind the hardware information of the computer device to the authorization certificate, prevents one certificate from being put to multiple uses, and effectively protects the software intellectual property of the authorization certificate issuing authority where the authorization server is located.
In one embodiment, the service authorization method can be applied to a privatization scenario. For example, to ensure the security of assets such as internal video content, public cloud services can hardly meet the application scenarios of radio and television users (Beijing television stations, Heilongjiang television stations, and the like), so a need for privatization arises: the complete set of services is deployed on computer devices in the customer's intranet, which prevents assets such as internal video from being leaked. Video AI related services, including intelligent cataloging and intelligent auditing, are deployed privately, and the privatized software and authorization certificates can be effectively provided and managed.
In one embodiment, as shown in fig. 4, obtaining first hardware information of a computer device and generating an authorization request including the first hardware information comprises:
Step 402, acquiring first hardware information of a computer device and the corresponding application time, and generating an authorization request comprising the first hardware information and the application time; the authorization server generates a validity period in response to the application time in the authorization request; the authorization certificate also includes the validity period.
The application time refers to the time when the computer device acquires the first hardware information, and represents the time when the computer device applies for the authorization certificate. The validity period is the period during which the authorization certificate can be used to obtain the service. For example, the validity period may be one year, one month, 100 days, from June 2, 2020 to March 17, 2021, and the like.
Alternatively, the validity period may be set by default in the authorization server, or may be generated according to a term requested by the user and included in the authorization request, without being limited thereto. Specifically, the authorization request further includes the term requested by the user, and the authorization server generates the validity period based on the application time and the term requested by the user. For example, if the term requested by the user in the authorization request is 1 year and the application time is June 2, 2020, the generated validity period is from June 2, 2020 to June 2, 2021.
Specifically, the computer device calls the get_server_info tool to obtain its first hardware information and the corresponding application time, and generates an authorization request including the first hardware information and the application time.
When the second hardware information is consistent with the first hardware information, adopting an authorization certificate to obtain service, comprising:
Step 404, when the second hardware information is consistent with the first hardware information, acquiring a current first moment.
The first time point is a time point at which it is determined that the second hardware information is identical to the first hardware information.
When the validity check of the authorization certificate passes, this indicates that the authorization certificate was generated by the authorization server and issued by the authorization certificate issuing authority in which the authorization server is located, so the computer device can trust the information in the authorization certificate, and the computer device acquires the current first time.
Step 406: match the first time against the validity period of the authorization certificate, and obtain the service by using the authorization certificate when the first time is within the validity period.
The computer device obtains the validity period from the authorization certificate and matches the first time against it. When the first time is within the validity period, the authorization certificate is still valid, and the service can be obtained by using the authorization certificate.
In this embodiment, the computer device acquires the first hardware information of the computer device and the corresponding application time, generates an authorization request including the first hardware information and the application time, and sends the authorization request to the authorization server; the computer device receives the returned authorization certificate and verifies its validity; when the validity check passes and the second hardware information is determined to be consistent with the first hardware information, the computer device acquires the current first time and determines whether the authorization certificate is still within the validity period; when it is, the computer device obtains the service by using the authorization certificate, so that the authorization certificate is used accurately within the validity period.
In one embodiment, after obtaining the first hardware information of the computer device and the corresponding application time, the method further includes: starting a timer to acquire timing information; when the second hardware information is consistent with the first hardware information, acquiring a current first time, including: and when the second hardware information is consistent with the first hardware information, acquiring application time and timing information, and determining the current first time based on the application time and the timing information.
The timer refers to a module for counting time. Timing information refers to the number of clock ticks counted while the computer device runs continuously. Once the timer is started, it can acquire in real time the number of clock ticks for which the computer device has been running continuously.
Specifically, when the second hardware information is consistent with the first hardware information, the computer device obtains timing information, determines timing duration according to the timing information, and determines the current first time based on the application time and the timing duration.
For example, the application time is 19:39:30 on June 2, 2020, and a timer is started that acquires one clock tick every 1 second. When the timing information is 120, the timing duration is 120 seconds; adding the timing duration to the application time gives a current time of 19:41:30 on June 2, 2020. When the timing information is 600, the current time is 19:49:30 on June 2, 2020. In other embodiments, the timer may acquire one clock tick every 2 seconds or every 0.5 seconds, but is not limited thereto.
In this embodiment, a timer is started after the first hardware information of the computer device and the corresponding application time are obtained. When the second hardware information is determined to be consistent with the first hardware information, the current first time is derived from the timing information and the application time and checked against the validity period of the authorization certificate, that is, it is determined whether the authorization certificate is within the validity period. This prevents a user from modifying the system time of the computer device in order to keep using the authorization certificate after it has expired, and ensures that the authorization certificate provides services only within the validity period.
Moreover, because the timer runs in the computer device itself, the computer device can still determine the current first time from the stored application time and the timing information even if the network between the computer device and the authorization server is disconnected, so that whether the first time is within the validity period can be accurately determined. Checking the validity period of the authorization certificate does not depend on the network, so POC (Proof of Concept) test time authorization can be effectively controlled, a user is prevented from continuing to use an expired authorization certificate by disconnecting the network and modifying the system time of the computer device, and the software intellectual property of the authorization certificate issuing authority where the authorization server is located is effectively protected.
In one embodiment, starting the timer, and after acquiring the timing information, further includes: encrypting the timing information and the application time to obtain a ciphertext; when the second hardware information is consistent with the first hardware information, acquiring application time and timing information, including: when the second hardware information is consistent with the first hardware information, acquiring a ciphertext; and decrypting the ciphertext to obtain the application time and the timing information.
The ciphertext refers to the encrypted file. The computer equipment decrypts the ciphertext to obtain the plaintext, namely the application time and the timing information.
Specifically, the computer device concatenates the timing information and the application time to obtain a whole file; acquires a first key, and encrypts the whole file with the first key to obtain the ciphertext; when the second hardware information is consistent with the first hardware information, acquires the ciphertext and a second key corresponding to the first key; and decrypts the ciphertext with the second key to obtain the whole file, and parses the whole file to obtain the application time and the timing information.
The first key and the second key may be the same or different.
When the first key and the second key are the same, the encryption key and the decryption key are the same key, i.e. the encryption algorithm is a symmetric encryption algorithm.
When the first key and the second key are different, one of the first key and the second key can be used as a public key, the other key can be used as a private key, the public key is used for encryption and then the private key is used for decryption, or the private key is used for encryption and then the public key is used for decryption, and the encryption algorithm is an asymmetric encryption algorithm.
In this embodiment, the timing information and the application time are encrypted to obtain the ciphertext, and when the second hardware information is consistent with the first hardware information, the ciphertext is decrypted to obtain the application time and the timing information, so that the security of the application time and the timing information can be ensured, and whether the current first time is within the validity period of the authorization certificate can be accurately judged.
Further, after encrypting the timing information and the application time to obtain the ciphertext, the method further includes: the computer equipment writes the ciphertext into the hidden file; when the second hardware information is consistent with the first hardware information, acquiring a ciphertext, including: and when the second hardware information is consistent with the first hardware information, acquiring the ciphertext from the hidden file.
A hidden file refers to a file that is in a hidden state. It can be understood that, in the computer device, the hidden file is in a hidden state, and a user cannot directly acquire data in the hidden file. Therefore, the computer equipment writes the ciphertext into the hidden file, so that the safety of timing information and application time can be further ensured; and when the acquired hardware information is consistent with the first hardware information, acquiring a ciphertext from the hidden file, and decrypting the ciphertext to acquire timing information and application time.
In one embodiment, after obtaining the service by using the authorization certificate, the method further includes: acquiring a current second time at preset time intervals; matching the second time against the validity period in the authorization certificate, and continuing to obtain the service by using the authorization certificate when the second time is within the validity period; and stopping obtaining the service by using the authorization certificate when the second time is not within the validity period.
In one embodiment, the computer device may obtain a preset duration of the default setting of the system, such as 1 minute, 5 minutes, and so on. In another embodiment, the computer device may also obtain a preset duration from the authorization certificate, where the preset duration is set by the authorization server through the authorization certificate issuer.
The second time refers to the current time after a preset time interval.
The method for acquiring the current second moment by the computer equipment at preset time intervals specifically comprises the following steps: and the computer acquires the application time and the timing information at preset time intervals, and determines the current second time based on the application time and the timing information.
For example, the preset time period is 1 minute, the computer device acquires the application time and the timing information every 1 minute interval, and determines the current second time based on the application time and the timing information, thereby determining whether the current second time is within the valid period.
When the current second time is determined to be within the validity period, the authorization certificate is still valid, and the computer device can continue to obtain the service by using the authorization certificate; when the current second time is determined not to be within the validity period, the authorization certificate has expired, and the computer device may stop obtaining the service by using the authorization certificate.
In this embodiment, the computer device obtains the current second time at preset time intervals and determines whether it is within the validity period, so as to decide whether the service can continue to be obtained by using the authorization certificate and to accurately determine whether the authorization certificate is within the validity period.
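The timer-based check and the periodic re-check described above, as an added Python example that is not code from the patent: it contrasts a check against the system clock with a check against application time plus timing information. The class and function names, the use of time.monotonic() as the timer, the UTC time zone and the 10-minute validity period are assumptions made for the illustration.

```python
import time
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional


@dataclass(frozen=True)
class ValidityPeriod:
    """Validity period carried in the authorization certificate."""
    start: datetime
    end: datetime

    def contains(self, moment: datetime) -> bool:
        return self.start <= moment <= self.end


class LicenseTimer:
    """Timer started when the application time is recorded.

    The current time is derived as application time + elapsed ticks, so
    changing the system (wall) clock has no effect on the result.
    """

    def __init__(self, application_time: datetime, tick_seconds: float = 1.0,
                 monotonic: Callable[[], float] = time.monotonic):
        self.application_time = application_time
        self.tick_seconds = tick_seconds
        self.monotonic = monotonic      # injectable so the demo can simulate time
        self.started_at = monotonic()

    def timing_information(self) -> int:
        """Number of whole ticks counted since the timer was started."""
        return int((self.monotonic() - self.started_at) / self.tick_seconds)

    def current_time(self) -> datetime:
        elapsed = timedelta(seconds=self.timing_information() * self.tick_seconds)
        return self.application_time + elapsed


def wall_clock_check(system_now: datetime, period: ValidityPeriod) -> bool:
    """Weak variant: trusts whatever the system clock reports."""
    return period.contains(system_now)


def timer_check(timer: LicenseTimer, period: ValidityPeriod) -> bool:
    """Variant from the text: trusts only application time + timing information."""
    return period.contains(timer.current_time())


def periodic_recheck(timer: LicenseTimer, period: ValidityPeriod,
                     interval_seconds: float, wait: Callable[[float], None],
                     max_checks: int) -> Optional[datetime]:
    """Re-check at each interval; return the second time at which the
    service must stop, or None if still valid after max_checks."""
    for _ in range(max_checks):
        wait(interval_seconds)
        second_time = timer.current_time()
        if not period.contains(second_time):
            return second_time
    return None


class SimulatedTicks:
    """Constructed stand-in for the monotonic counter so the demo runs instantly."""

    def __init__(self) -> None:
        self.value = 1000.0

    def read(self) -> float:
        return self.value

    def advance(self, seconds: float) -> None:
        self.value += seconds


def demo():
    ticks = SimulatedTicks()
    # Application time taken from the worked example in the text (UTC assumed).
    applied = datetime(2020, 6, 2, 19, 39, 30, tzinfo=timezone.utc)
    period = ValidityPeriod(applied, applied + timedelta(minutes=10))  # constructed
    timer = LicenseTimer(applied, monotonic=ticks.read)
    stopped_at = periodic_recheck(timer, period, 60, ticks.advance, max_checks=20)
    rolled_back_clock = applied     # user resets the system clock after expiry
    return stopped_at, wall_clock_check(rolled_back_clock, period), timer_check(timer, period)


if __name__ == "__main__":
    print(demo())
```

The tick count here lives in process memory, so a restart loses it unless it is persisted, for example as the encrypted timing information of the encryption embodiment.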
In one embodiment, the manner in which the authorization server generates the authorization certificate based on the signature information and the first hardware information includes: the authorization server acquires a first identifier of the authorization server, and performs hash calculation on the first hardware information and the first identifier as a whole to obtain a first hash value; encrypts the first hash value by using the private key to obtain the signature information; and combines the first hardware information, the first identifier and the signature information to generate the authorization certificate. Parsing the authorization certificate to obtain the second hardware information and the public key corresponding to the private key includes: parsing the authorization certificate to obtain the second hardware information, a second identifier and the public key corresponding to the private key. Verifying the validity of the authorization certificate by using the public key includes: decrypting the signature information by using the public key to obtain the first hash value; performing hash calculation on the second hardware information and the second identifier as a whole to obtain a second hash value; and comparing the first hash value with the second hash value to obtain a comparison result, and verifying the validity of the authorization certificate based on the comparison result.
Hash calculation is the conversion of an input of arbitrary length (also called a pre-image) into an output value of fixed length by a hash algorithm. The hash values obtained by performing hash calculation on the same object are the same, and the hash values obtained by performing hash calculation on different objects are different. For example, the computer device performs a hash calculation on X1 to obtain a hash value Y1; when X2 is obtained by tampering with X1, and hash calculation is performed on X2 to obtain a hash value Y2, Y1 is different from Y2.
The first hash value refers to a value obtained by performing hash calculation on the first hardware information and the first identifier by the authorization server. The second hash value refers to a value obtained by the computer device performing hash calculation on the second hardware information and the second identifier.
The computer device analyzes the authorization certificate, so that second hardware information, signature information and a public key corresponding to the private key can be obtained, and the public key is adopted to decrypt the signature information, so that the first hash value can be obtained. The first hash value is obtained by performing hash calculation on the first hardware information and the first identifier by the authorization server. And the computer equipment performs hash calculation on the second hardware information and the second identifier to obtain a second hash value, and then compares the first hash value with the second hash value.
Further, the comparing, by the computer device, the first hash value and the second hash value to obtain a comparison result, and verifying the validity of the authorization certificate based on the comparison result includes: comparing the first hash value with the second hash value to obtain a comparison result, and when the comparison result shows that the first hash value is consistent with the second hash value, passing the validity check of the authorization certificate; and when the comparison result is that the first hash value and the second hash value are inconsistent, the validity check of the authorization certificate is not passed.
When the second hardware information is consistent with the first hardware information and the first identifier is consistent with the second identifier, the first hash value is consistent with the second hash value; and when the second hardware information is inconsistent with the first hardware information and the second identifier is inconsistent with the first identifier, the first hash value is inconsistent with the second hash value.
It can also be understood that, when the first hash value is consistent with the second hash value, the second hardware information is consistent with the first hardware information, and the first identifier is consistent with the second identifier, which indicates that the computer device applying for service authorization is consistent with the computer device currently receiving the authorization certificate, and the authorization certificate is generated and issued by the authorization server, the validity of the authorization certificate is verified.
When the first hash value is inconsistent with the second hash value, the second hardware information is inconsistent with the first hardware information, or the first identifier is inconsistent with the second identifier. This indicates that the computer device applying for service authorization is inconsistent with the computer device currently receiving the authorization certificate, or that the authorization certificate was not generated and issued by the authorization server; the hardware information in the authorization certificate applied for by the computer device may have been tampered with and the certificate sent to other computer devices. In this case the validity check of the authorization certificate does not pass.
In this embodiment, a hash algorithm is used to determine whether the first hardware information is consistent with the second hardware information and whether the first identifier of the authorization server is consistent with the second identifier, and thereby whether the computer device applying for service authorization is consistent with the computer device currently receiving the authorization certificate and whether the authorization certificate was generated and issued by the authorization server. The validity of the authorization certificate can thus be checked, which improves security, prevents the authorization certificate from being tampered with, and prevents one authorization certificate from being used on multiple devices.
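The signing and checking flow of this embodiment, as an added Python example that is not code from the patent: it uses unpadded RSA over SHA-256 to mirror the description literally, with a constructed demo key whose prime factors are publicly known, so it is for illustration only and a deployment would use a vetted library's padded signature scheme. The hardware fields, the JSON encoding, the result strings and passing the public key in as an already trusted value are assumptions.

```python
import hashlib
import json

# Constructed demo key. P and Q are well-known Mersenne primes, so the
# modulus is trivially factorable: illustration only, never a real key.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
PUBLIC_KEY = (N, E)

# Constructed hardware information for two different machines.
MACHINE_A = {"cpu_id": "CPU-0001-EXAMPLE", "mac": "02:00:00:00:00:01",
             "disk_serial": "DISK-A-EXAMPLE"}
MACHINE_B = {"cpu_id": "CPU-0002-EXAMPLE", "mac": "02:00:00:00:00:02",
             "disk_serial": "DISK-B-EXAMPLE"}


def hash_as_whole(hardware_info: dict, identifier: str) -> int:
    """Hash hardware information and server identifier as one unit.

    Canonical JSON keeps field boundaries unambiguous, so ("ab", "c") and
    ("a", "bc") can never feed the same bytes to the hash.
    """
    blob = json.dumps({"hardware_info": hardware_info, "identifier": identifier},
                      sort_keys=True, separators=(",", ":")).encode("utf-8")
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def issue_certificate(first_hardware_info: dict, first_identifier: str) -> dict:
    """Authorization server side: hash, sign, combine."""
    first_hash = hash_as_whole(first_hardware_info, first_identifier)
    signature = pow(first_hash, D, N)   # "encrypt the hash with the private key"
    return {"hardware_info": dict(first_hardware_info),
            "identifier": first_identifier,
            "signature": format(signature, "x")}


def check_certificate(certificate: dict, public_key: tuple,
                      local_hardware_info: dict) -> str:
    """Computer device side. Returns 'ok', 'illegal' or 'hardware-mismatch'."""
    n, e = public_key
    try:
        signature = int(certificate["signature"], 16)
        second_hardware_info = certificate["hardware_info"]
        second_identifier = certificate["identifier"]
    except (KeyError, TypeError, ValueError):
        return "illegal"                # malformed certificate
    if not 0 < signature < n:
        return "illegal"
    first_hash = pow(signature, e, n)   # "decrypt the signature with the public key"
    second_hash = hash_as_whole(second_hardware_info, second_identifier)
    if first_hash != second_hash:
        return "illegal"                # tampered, or not issued by this server
    if second_hardware_info != local_hardware_info:
        return "hardware-mismatch"      # valid certificate, wrong machine
    return "ok"


def demo() -> dict:
    cert = issue_certificate(MACHINE_A, "auth-server-example")
    copied = dict(cert)                                   # moved to machine B as is
    edited = dict(cert, hardware_info=dict(MACHINE_B))    # hardware field rewritten
    return {
        "original on A": check_certificate(cert, PUBLIC_KEY, MACHINE_A),
        "copied to B": check_certificate(copied, PUBLIC_KEY, MACHINE_B),
        "edited for B": check_certificate(edited, PUBLIC_KEY, MACHINE_B),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```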
In one embodiment, the method further comprises: stopping obtaining the service by using the authorization certificate when the validity check of the authorization certificate does not pass; or, when the validity check of the authorization certificate passes, matching the second hardware information with the first hardware information, and stopping obtaining the service by using the authorization certificate when the second hardware information is inconsistent with the first hardware information.
When the validity check of the authorization certificate does not pass, the authorization certificate is illegal and may have been tampered with, and the computer device stops obtaining the service by using the authorization certificate, so that the security of the computer device is ensured.
When the validity check of the authorization certificate passes, the second hardware information is matched with the first hardware information. When the second hardware information is inconsistent with the first hardware information, the computer device that applied for the authorization service is inconsistent with the currently running computer device, and the same authorization certificate may be in use on multiple devices, so the computer device stops obtaining the service by using the authorization certificate.
In one embodiment, obtaining first hardware information of a computer device and generating an authorization request including the first hardware information comprises: acquiring first hardware information of computer equipment and corresponding application time, and generating an authorization request comprising the first hardware information and the application time; the authorization server responds to the application time in the authorization request, and generates an effective period; the authorization certificate also comprises an effective period; when the second hardware information is consistent with the first hardware information, adopting an authorization certificate to obtain service, comprising: when the second hardware information is consistent with the first hardware information, acquiring a current first moment; matching the first time with the valid period in the authorization certificate, and acquiring service by adopting the authorization certificate when the first time is within the valid period; and stopping adopting the authorization certificate acquisition service when the first time exceeds the valid period.
When the validity check of the authorization certificate passes and the second hardware information is consistent with the first hardware information, the computer device acquires the current first time and determines whether it is within the validity period. When the first time is within the validity period, the computer device obtains the service by using the authorization certificate; when the first time exceeds the validity period, it stops obtaining the service by using the authorization certificate. This ensures the security of the authorization certificate and ensures that the computer device obtains the service with the authorization certificate only within the validity period.
Further, acquiring first hardware information of the computer equipment and corresponding application time, starting a timer, and acquiring timing information; when the second hardware information is consistent with the first hardware information, acquiring a current first time, including: and when the second hardware information is consistent with the first hardware information, acquiring application time and timing information, and determining the current first time based on the application time and the timing information.
In one embodiment, as depicted in FIG. 5, the computer device performs step 502, obtaining the first hardware information and generating an authorization request including the first hardware information; performs step 504, sending the authorization request to the authorization server, where the authorization server signs the first hardware information in the authorization request by using a private key to obtain an authorization certificate; and performs step 506, receiving the authorization certificate, verifying the validity of the authorization certificate with the public key, and verifying the uniqueness of the computer device. Verifying the uniqueness of the computer device means determining whether the first hardware information is consistent with the second hardware information. When they are consistent, the computer device that applied for the authorization service is consistent with the currently running computer device; when they are inconsistent, the computer device that applied for the authorization service is inconsistent with the currently running computer device. In this way the authorization certificate provides the service only on the computer device that applied for the authorization service.
The computer device executes step 508 to determine whether the authorization certificate is legal; if not, the process ends, i.e., the computer device stops obtaining the service by using the authorization certificate; if so, step 510 is performed. The computer device performs step 510 to verify the validity of the time, and executes step 512 to determine whether the current time is within the validity period; if not, the process ends, i.e., the computer device stops obtaining the service by using the authorization certificate; if so, step 514 is executed to obtain the service by using the authorization certificate. After obtaining the service by using the authorization certificate, the computer device may periodically check the validity period of the authorization certificate, i.e., periodically return to step 510 to verify the validity of the time.
It should be understood that although the steps in the flowcharts of fig. 2 and 4 are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described, and may be performed in other orders. Moreover, at least some of the steps in fig. 2 and 4 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 6, there is provided a service authorization apparatus 600, which may be a part of a computer device using a software module or a hardware module, or a combination of the two, and specifically includes: an authorization request generation module 602, a sending module 604, a parsing module 606, a verification module 608, and a service acquisition module 610, wherein:
The authorization request generating module 602 is configured to obtain first hardware information of the computer device, and generate an authorization request including the first hardware information.
A sending module 604, configured to send the authorization request to an authorization server; the authorization server responds to the authorization request, acquires the private key, signs the first hardware information by adopting the private key to obtain signature information, generates an authorization certificate based on the signature information and the first hardware information, and returns the authorization certificate to the computer equipment.
And the analysis module 606 is configured to receive the authorization certificate returned by the authorization server, and analyze the authorization certificate to obtain the second hardware information and the public key corresponding to the private key.
The verifying module 608 is configured to verify the validity of the authorization certificate by using the public key.
The service obtaining module 610 is configured to match the second hardware information with the first hardware information when the validity check of the authorization certificate passes, and obtain a service by using the authorization certificate when the second hardware information is consistent with the first hardware information.
In the above service authorization apparatus, after sending the authorization request to the authorization server, the computer device receives the returned authorization certificate and verifies the validity of the authorization certificate; when the validity check passes, the computer device can trust the information in the authorization certificate, and then matches the second hardware information with the first hardware information; when the second hardware information is consistent with the first hardware information, the computer device that applied for the authorization service is consistent with the currently running computer device, and the computer device can obtain the service by using the authorization certificate. Because the authorization certificate is bound to the hardware information of the computer device, the economic loss to the authorization authority and the confusion of information caused by multiple computer devices using the same authorization certificate to obtain services can be avoided, and the security of service authorization is improved.
In an embodiment, the authorization request generating module 602 is further configured to obtain first hardware information of the computer device and a corresponding application time, and generate an authorization request including the first hardware information and the application time; the authorization server responds to the application time in the authorization request, and generates an effective period; the authorization certificate also comprises an effective period; the service obtaining module 610 is further configured to obtain a current first time when the second hardware information is consistent with the first hardware information; and matching the first time with the valid period in the authorization certificate, and acquiring service by adopting the authorization certificate when the first time is within the valid period.
In one embodiment, the service authorization apparatus further includes a timing module, configured to start a timer and obtain timing information; the service obtaining module 610 is further configured to obtain the application time and the timing information when the second hardware information is consistent with the first hardware information, and determine the current first time based on the application time and the timing information.
In one embodiment, the authorization apparatus for the service further includes an encryption module, configured to encrypt the timing information and the application time to obtain a ciphertext; the service obtaining module 610 is further configured to obtain a ciphertext when the second hardware information is consistent with the first hardware information; and decrypting the ciphertext to obtain the application time and the timing information.
In one embodiment, the authorization apparatus for the service further includes a writing module, configured to write the ciphertext into the hidden file; the service obtaining module 610 is further configured to obtain a ciphertext from the hidden file when the second hardware information is consistent with the first hardware information.
In one embodiment, the service authorization apparatus further includes a matching module, configured to obtain a current second time every preset time interval; matching the second moment with the valid period in the authorization certificate, and continuing to adopt the authorization certificate to obtain service when the second moment is within the valid period; and when the second time is not within the valid period, stopping adopting the authorization certificate to obtain the service.
In one embodiment, an authorization server obtains a first identifier of the authorization server, and performs hash calculation on first hardware information and the first identifier to obtain a first hash value; encrypting the first hash value by using a private key to obtain signature information; combining the first hardware information, the first identifier and the signature information to generate an authorization certificate; the analysis module 606 is further configured to analyze the authorization certificate to obtain second hardware information, a second identifier, and a public key corresponding to the private key; the verification module 608 is further configured to decrypt the signature information by using a public key to obtain a first hash value; performing hash calculation on the second hardware information and the second identifier as a whole to obtain a second hash value; and comparing the first hash value with the second hash value to obtain a comparison result, and verifying the legality of the authorization certificate based on the comparison result.
In an embodiment, the verifying module 608 is further configured to stop obtaining the service by using the authorization certificate when the validity check of the authorization certificate does not pass; or, when the validity check of the authorization certificate passes, to match the second hardware information with the first hardware information, and stop obtaining the service by using the authorization certificate when the second hardware information is inconsistent with the first hardware information.
In an embodiment, the authorization request generating module 602 is further configured to obtain first hardware information of the computer device and a corresponding application time, and generate an authorization request including the first hardware information and the application time; the authorization server responds to the application time in the authorization request, and generates an effective period; the authorization certificate also comprises an effective period; the service obtaining module 610 is further configured to obtain a current first time when the second hardware information is consistent with the first hardware information; and matching the first time with the valid period in the authorization certificate, and acquiring service by adopting the authorization certificate when the first time is within the valid period.
For the specific definition of the service authorization apparatus, reference may be made to the above definition of the service authorization method, which is not repeated here. The modules in the service authorization apparatus described above may be implemented in whole or in part by software, hardware, or a combination thereof. The modules may be embedded in or independent of a processor in the computer device in hardware form, or may be stored in a memory of the computer device in software form, so that the processor can call and execute the operations corresponding to the modules.
In one embodiment, a computer device is provided, the internal structure of which may be as shown in FIG. 7. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless communication can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement an authorization method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 7 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is further provided, which includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the above method embodiments when executing the computer program.
In an embodiment, a computer-readable storage medium is provided, in which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical storage, or the like. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments express only several embodiments of the present application, and their description is relatively specific and detailed, but they are not to be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method for authorizing a service, the method comprising:
acquiring first hardware information of a computer device and generating an authorization request comprising the first hardware information;
sending the authorization request to an authorization server; the authorization server responds to the authorization request, acquires a private key, signs the first hardware information by adopting the private key to obtain signature information, generates an authorization certificate based on the signature information and the first hardware information, and returns the authorization certificate to the computer equipment;
receiving the authorization certificate returned by the authorization server, and analyzing the authorization certificate to obtain second hardware information and a public key corresponding to the private key;
verifying the legality of the authorization certificate by adopting the public key;
and matching the second hardware information with the first hardware information when the validity of the authorization certificate passes the verification, and acquiring service by using the authorization certificate when the second hardware information is consistent with the first hardware information.
2. The method of claim 1, wherein obtaining first hardware information of a computer device and generating an authorization request including the first hardware information comprises:
acquiring first hardware information of computer equipment and corresponding application time, and generating an authorization request comprising the first hardware information and the application time; the authorization server responds to the application time in the authorization request, and generates a valid period; the valid period is also included in the authorization certificate;
when the second hardware information is consistent with the first hardware information, adopting the authorization certificate to obtain service, including:
when the second hardware information is consistent with the first hardware information, acquiring a current first moment;
and matching the first time with the valid period in the authorization certificate, and acquiring service by using the authorization certificate when the first time is within the valid period.
3. The method of claim 2, wherein after obtaining the first hardware information of the computer device and the corresponding application time, further comprising:
starting a timer to acquire timing information;
when the second hardware information is consistent with the first hardware information, acquiring a current first time includes:
and when the second hardware information is consistent with the first hardware information, acquiring the application time and the timing information, and determining the current first time based on the application time and the timing information.
4. The method of claim 3, wherein the starting the timer, after obtaining the timing information, further comprises:
encrypting the timing information and the application time to obtain a ciphertext;
when the second hardware information is consistent with the first hardware information, acquiring the application time and the timing information, including:
when the second hardware information is consistent with the first hardware information, acquiring the ciphertext;
and decrypting the ciphertext to obtain the application time and the timing information.
5. The method according to any one of claims 2 to 4, wherein after the obtaining the service by using the authorization certificate, the method further comprises:
acquiring a current second moment at preset time intervals;
matching the second time with the valid period in the authorization certificate, and continuing to adopt the authorization certificate to obtain service when the second time is within the valid period;
and stopping use of the authorization certificate to obtain the service when the second time is not within the valid period.
6. The method of claim 1, wherein the authorization server signs the first hardware information with the private key to obtain signature information, and generates an authorization certificate based on the signature information and the first hardware information, comprising:
the authorization server acquires a first identifier of the authorization server, and performs hash calculation on the first hardware information and the first identifier as a whole to obtain a first hash value; encrypting the first hash value by using the private key to obtain signature information; combining the first hardware information, the first identifier and the signature information to generate an authorization certificate;
the analyzing the authorization certificate to obtain second hardware information and a public key corresponding to the private key includes:
analyzing the authorization certificate to obtain second hardware information, a second identifier and a public key corresponding to the private key;
the verifying the validity of the authorization certificate by using the public key comprises the following steps:
decrypting the signature information by adopting the public key to obtain the first hash value;
performing hash calculation on the second hardware information and the second identifier as a whole to obtain a second hash value;
and comparing the first hash value with the second hash value to obtain a comparison result, and verifying the validity of the authorization certificate based on the comparison result.
7. The method of claim 1, further comprising:
stopping use of the authorization certificate to obtain the service when the validity check of the authorization certificate is not passed; or
matching the second hardware information with the first hardware information when the validity of the authorization certificate passes the verification, and stopping use of the authorization certificate to obtain the service when the second hardware information is inconsistent with the first hardware information.
8. An apparatus for authorizing a service, the apparatus comprising:
the computer equipment comprises an authorization request generation module, a first hardware information acquisition module and a second hardware information acquisition module, wherein the authorization request generation module is used for acquiring first hardware information of the computer equipment and generating an authorization request comprising the first hardware information;
the sending module is used for sending the authorization request to an authorization server; the authorization server responds to the authorization request, acquires a private key, signs the first hardware information by adopting the private key to obtain signature information, generates an authorization certificate based on the signature information and the first hardware information, and returns the authorization certificate to the computer equipment;
the analysis module is used for receiving the authorization certificate returned by the authorization server and analyzing the authorization certificate to obtain second hardware information and a public key corresponding to the private key;
the verification module is used for verifying the legality of the authorization certificate by adopting the public key;
and the service acquisition module is used for matching the second hardware information with the first hardware information when the validity check of the authorization certificate is passed, and acquiring service by using the authorization certificate when the second hardware information is consistent with the first hardware information.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 7.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
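The issue-and-verify flow of claims 1, 2, 6 and 7 (also described in the verification-module embodiments above) can be sketched as follows. This is an added example, not code from the patent: the JSON layout, function names, `SERVER_ID` and the pinned public key are assumptions, the validity period is included in the signed hash (the text only names hardware information and identifier), and padding-free RSA over a constructed toy key stands in for a vetted signature scheme.

```python
import hashlib
import json

# Constructed demo key built from two well-known Mersenne primes.
# Illustration only: a real deployment uses a properly generated key and a
# padded signature scheme from a vetted library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the server
SERVER_ID = "auth-server-01"       # hypothetical "first identifier"


def digest(*fields: str) -> int:
    """Hash the fields as one unit. The length prefix on each field keeps
    ("ab", "c") and ("a", "bc") from producing the same hash."""
    h = hashlib.sha256()
    for field in fields:
        raw = field.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big") + raw)
    return int.from_bytes(h.digest(), "big")


def issue_certificate(hardware_info: str, apply_time: int, days: int = 30) -> str:
    """Server side: hash, sign with the private key, assemble the certificate."""
    not_before, not_after = apply_time, apply_time + days * 86400
    first_hash = digest(hardware_info, SERVER_ID, str(not_before), str(not_after))
    signature = pow(first_hash, D, N)  # "encrypt the first hash value"
    return json.dumps({"hw": hardware_info, "id": SERVER_ID,
                       "not_before": not_before, "not_after": not_after,
                       "sig": format(signature, "x")})


def check_certificate(cert_text: str, local_hw: str, now: int, pub=(N, E)) -> str:
    """Client side. Returns "ok", or the reason the service must not be used.
    `pub` is the copy of the public key the client already trusts (assumption)."""
    try:
        cert = json.loads(cert_text)
        hw, ident = cert["hw"], cert["id"]
        if not (isinstance(hw, str) and isinstance(ident, str)):
            raise ValueError("hardware info and identifier must be strings")
        not_before, not_after = int(cert["not_before"]), int(cert["not_after"])
        sig = int(cert["sig"], 16)
    except (ValueError, KeyError, TypeError):
        return "malformed"

    # Step 1: legality. Recover the first hash with the public key and compare
    # it with the second hash computed over the fields found in the certificate.
    n, e = pub
    if not 0 < sig < n:
        return "bad-signature"
    first_hash = pow(sig, e, n)
    second_hash = digest(hw, ident, str(not_before), str(not_after))
    if first_hash != second_hash:
        return "bad-signature"

    # Step 2: only after the signature holds, bind the certificate to this machine.
    if hw != local_hw:
        return "hardware-mismatch"

    # Step 3: the current time must fall inside the signed validity period.
    if not not_before <= now <= not_after:
        return "expired"
    return "ok"
```

Calling `check_certificate` again at a fixed interval with a fresh `now` gives the periodic re-check of claim 5.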
CN202010554053.3A 2020-06-17 2020-06-17 Service authorization method, service authorization device, computer equipment and storage medium Pending CN111708991A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010554053.3A CN111708991A (en) 2020-06-17 2020-06-17 Service authorization method, service authorization device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111708991A true CN111708991A (en) 2020-09-25

Family

ID=72541216

Country Status (1)

Country Link
CN (1) CN111708991A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination