[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN113326483A - Application program authorization method and related product - Google Patents

Application program authorization method and related product Download PDF

Info

Publication number
CN113326483A
CN113326483A CN202010134496.7A CN202010134496A CN113326483A CN 113326483 A CN113326483 A CN 113326483A CN 202010134496 A CN202010134496 A CN 202010134496A CN 113326483 A CN113326483 A CN 113326483A
Authority
CN
China
Prior art keywords
application program
authorization
response data
current
electronic device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010134496.7A
Other languages
Chinese (zh)
Inventor
张军琛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Intellifusion Technologies Co Ltd
Original Assignee
Shenzhen Intellifusion Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Intellifusion Technologies Co Ltd filed Critical Shenzhen Intellifusion Technologies Co Ltd
Priority to CN202010134496.7A priority Critical patent/CN113326483A/en
Publication of CN113326483A publication Critical patent/CN113326483A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the application discloses an application program authorization method and a related product, which are applied to a server in an application program authorization system comprising electronic equipment and the server, wherein the electronic equipment comprises a target application program, and the method comprises the following steps: the server starts the authorization service function of the local terminal when detecting the encryption lock, receives the current authorization request of the electronic equipment for the target application program, and finally carries out authorization service according to the current authorization request. The embodiment of the application improves the security of the authorization of the application program.

Description

Application program authorization method and related product
Technical Field
The present application relates to the field of electronic device technologies, and in particular, to an application program authorization method and a related product.
Background
With the continuous development of science and technology, software deployment and authorization modes are diversified and developed. The traditional deployment mainly comprises the steps of issuing a software installation package and authorizing a license file, a user applies for the license file to obtain software use permission through a software installation target machine, the license file is bound with a physical machine, most of software products are already in the cloud and run in a container along with the vigorous development of cloud computing (public cloud and private cloud), so that the cloud-based software deployment requirement of the software products is greatly increased, the current mainstream service mode is that the software products run on the public cloud, clients access through a calling interface API of a service provider, user authentication is completed on an API layer, and access control and permission strategies are still managed by the service provider.
In the prior art, under a privatized deployment scene, a container runs in a client private environment, and an access control and authority management module is exposed to a client, but because of virtualization and isolation of the container, an application program cannot accurately read machine hardware information in the running environment of the application program, and a traditional method for verifying license by the application program cannot be used.
Disclosure of Invention
The embodiment of the application provides an application program authorization method and a related product, so as to improve the accuracy of application program authorization.
In a first aspect, an embodiment of the present application provides an application program authorization method, which is applied to a server in an application program authorization system, where the application program authorization system includes an electronic device and the server, and the electronic device includes a target application program, and the method includes:
when the encryption lock is detected, starting an authorization service function of the local terminal;
receiving a current secondary authorization request from the electronic device for the target application;
and performing authorization service according to the current authorization request.
In a second aspect, an embodiment of the present application provides an application authorization method, which is applied to an electronic device in an application authorization system, where the application authorization system includes the electronic device and a server, and the electronic device includes a target application, and the method includes:
when sending the current authorization request for the target application to the server;
receiving response data from the server, wherein the response data is obtained by the server performing authorization service according to the current authorization request;
and controlling the target application program according to the response data.
In a third aspect, an embodiment of the present application provides an application authorization apparatus, which is applied to a server in an application authorization system, where the application authorization system includes the server and an electronic device, and the server and the electronic device are communicatively connected, and the apparatus includes: a processing unit and a communication unit, wherein,
the processing unit is used for starting the authorization service function of the local terminal when the encryption lock is detected; and for receiving, by the communication unit, a current secondary authorization request from the electronic device for the target application; and the authorization server is used for performing authorization service according to the current authorization request.
In a fourth aspect, an embodiment of the present application provides an application authorization apparatus, which is applied to an electronic device in an application authorization system, where the application authorization system includes the electronic device and a server, and the electronic device is communicatively connected to the server, and the apparatus includes: a processing unit and a communication unit, wherein,
the processing unit is used for sending a current authorization request aiming at the target application program to the server through the communication unit; the communication unit is used for receiving response data from the server, and the response data is obtained by the server performing authorization service according to the current authorization request; and for controlling the target application in accordance with the response data.
In a fifth aspect, an embodiment of the present application provides an application authorization system, which includes an electronic device and a server, where the server is in communication connection with the electronic device;
the server is configured to perform the steps of the method according to any one of the first aspect;
the electronic device is configured to perform the steps of the method according to any of the second aspects.
In a sixth aspect, embodiments of the present application provide a server, including a processor, a memory, a communication interface, and one or more programs, where the one or more programs are stored in the memory and configured to be executed by the processor, and the program includes instructions for performing the steps in any of the methods of the first aspect of the embodiments of the present application.
In a seventh aspect, an embodiment of the present application provides an electronic device, including a processor, a memory, a communication interface, and one or more programs, where the one or more programs are stored in the memory and configured to be executed by the processor, and the program includes instructions for executing the steps of any of the methods in the second aspect of the embodiment of the present application.
In an eighth aspect, the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program for electronic data exchange, where the computer program makes a computer perform part or all of the steps described in the method according to any one of the first aspect or the second aspect of the embodiments of the present application, and the computer includes an electronic device.
In a ninth aspect, embodiments of the present application provide a computer program product, wherein the computer program product comprises a non-transitory computer-readable storage medium storing a computer program, the computer program being operable to cause a computer to perform some or all of the steps as described in any of the methods of the first or second aspects of the embodiments of the present application. The computer program product may be a software installation package.
It can be seen that, in the embodiment of the present application, the server starts the authorization service function of the home terminal when detecting the encryption lock, receives the current authorization request from the electronic device for the target application program, and performs the authorization service according to the current authorization request. Therefore, the authorization service process of the target application program is transferred to the server, and the server is directly communicated with the electronic equipment for authorization, so that the problem that the target application program cannot accurately read the hardware information of the machine in the running environment of the target application program is solved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of an application authorization system according to an embodiment of the present application;
FIG. 2 is a flowchart illustrating an application authorization method according to an embodiment of the present disclosure;
FIG. 3 is a flow chart illustrating another method for authorizing an application disclosed in an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a server disclosed in an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device disclosed in an embodiment of the present application;
fig. 6 is a block diagram of functional units of an application authorization apparatus according to an embodiment of the present application;
fig. 7 is a block diagram of functional units of another application authorization apparatus disclosed in the embodiment of the present application.
Detailed Description
The following describes embodiments of the present application in detail.
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," and the like in the description and claims of the present application and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
At present, in a privatized deployment scenario, a container runs in a client private environment, and an access control and rights management module is exposed to a client, but because of virtualization and isolation of the container, an application program cannot accurately read machine hardware information in the running environment of the application program, and a traditional method for verifying license by the application program cannot be used.
The present application provides an application program authorization method, and embodiments of the present application are described in detail below with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an application authorization system according to an embodiment of the present application, and as shown in fig. 1, the application authorization system includes a server 101 and an electronic device 102, where the server 101 and the electronic device 102 are in communication connection, and during an application authorization process, data interaction can be performed between the server 101 and the electronic device 102.
When the application is deployed privatically, the encrypted server 101 (authorized server), the encryption lock, and the application (electronic device 102) need to be deployed synchronously.
First, the server 101 (authorization server) can insert an encryption lock, and in the case where an encryption lock interface is provided in the server 101, the insertion of the encryption lock can ensure the operating environment of the program in the server 101, that is, the server 101 can be started only when the existence of the encryption lock is detected.
Secondly, a server-side authorization program is deployed on the server 101, and the operating environment of the encryption lock is verified at the time of starting.
Finally, the electronic device 102 runs a target application program, which is an application program deployed on the container cloud, where the application program includes business logic of the electronic device 102, and requests the server to perform authorization when the electronic device is started, and after the electronic device is successfully started, the application program may timely and/or periodically request the server to confirm authentication and authorization.
Referring to fig. 2, fig. 2 is a flowchart illustrating an application authorization method according to an embodiment of the present application, applied to the server shown in fig. 1, and as shown in fig. 2, the application authorization method includes:
s201, when the server detects the encryption lock, the server starts the authorization service function of the local terminal.
Wherein the server is a local server and the server is a physical server. Wherein, the encryption lock (dongle, USB-KEY) includes encryption software, and when the server detects the encryption software, the server detects the encryption lock.
The encryption lock can encrypt the program in the server, a secret key verification mechanism of the encryption lock is performed on a chip of the encryption lock, data cannot be loaded into a memory, and authorization service in the server can be guaranteed not to be cracked through the existing and predictable software cracking mode; the encrypted authorization service is integrally provided by the encryption server and the encryption lock, and in the process of privatized deployment, when the authorization service is started, the server can automatically detect whether encryption software exists or not according to an encryption mechanism, and the authorization server can be started only when the encryption lock exists.
In the privatized deployment process, when the authorization service is started, the authorization service end can automatically detect whether encryption software exists or not according to an encryption mechanism, and the authorization service end can be started only when an encryption lock exists.
In this example, the server starts the authorization service function of the local terminal after detecting the encryption lock, so that the security of the running environment of the authorization program in the server is ensured, the software is prevented from being cracked and abused, and the authorization security of the application program is further improved.
S202, the server receives a current authorization request aiming at the target application program from the electronic equipment.
The target application program may be a game application program, a communication application program, or a shopping application program, and the target application program may also be another application program, which is not limited specifically.
S203, the server performs authorization service according to the current authorization request.
In this example, the authorization service process of the target application program is transferred to the server, and the server directly communicates with the electronic device for authorization, so that the problem that the target application program cannot accurately read the hardware information of the machine in the operating environment of the target application program is avoided.
It can be seen that, in the embodiment of the present application, the server starts the authorization service function of the home terminal when detecting the encryption lock, receives the current authorization request from the electronic device for the target application program, and performs the authorization service according to the current authorization request. Therefore, the authorization service process of the target application program is transferred to the server, and the server is directly communicated with the electronic equipment for authorization, so that the problem that the target application program cannot accurately read the hardware information of the machine in the running environment of the target application program is solved.
In one possible example, a specific implementation manner of the server performing the authorization service according to the current authorization request may include the following steps:
21. and judging whether the current authorization request is a first request aiming at the target application program.
The specific implementation manner of determining whether the current authorization request is the first request for the target application program may be: the server determines a target program identifier corresponding to the target application program according to the current authorization request; inquiring an application program identification record table by taking the target program identification as an inquiry identification; if the target program identifier exists in the application program identifier record table, determining that the current authorization request is not a first request for the target application program; and if the target program identifier does not exist in the application program identifier record table, determining that the current authorization request is a first request aiming at the target application program.
Further, the application identification record table may be obtained by the server performing the following operations: after the application program is successfully authorized and authenticated, if the application program identifier corresponding to the application program does not exist in the application program identifier record table, storing the application program identifier corresponding to the application program in the program identifier record table; after the authorization authentication of the application program fails, if the application program identifier corresponding to the application program exists in the program identifier record table, removing the application program identifier corresponding to the application program in the program identifier record table. For example, an application identifier a, an application identifier B, an application identifier C, and an application identifier D exist in the current application identifier record table, if the application identifier of the application is F after the application is successfully authorized and authenticated, and the application identifier F does not exist in the application identifier record table, the application identifier F is stored in the application identifier record table, and if the application identifier of the application is a after the application is unsuccessfully authorized and authenticated, and the application identifier a exists in the application identifier record table, the application identifier is removed from the application identifier record table, that is, the application identifier a in the application identifier record table is deleted.
In this example, it can be seen that, when receiving the current authorization request from the electronic device for the target application program, the server is able to determine whether the current authorization request is the first request for the target application program.
22. And if the current authorization request is not the first request aiming at the target application program, judging whether the time interval from the last authorization request to the current authorization request is greater than a reference time interval.
The reference time may be set by the user according to the user requirement, for example, the reference time interval may be 5 days, the reference time interval may be 15 days, and the reference time may also be any other value, which is not limited specifically.
In this example, the server can determine whether the time interval from the last authorization request to the current authorization request is greater than the reference time interval after determining that the current authorization request is not the first request for the target application program.
23. And if the time interval is greater than the reference time interval, performing authorization verification on the target application program according to the current authorization request to obtain a verification result.
The server performs authorization verification on the target application program according to the current authorization request, and a specific implementation manner of obtaining a verification result may be: the server verifies whether the authorization certificate of the target application program is valid; if the authorization certificate is invalid, the obtained verification result is verification failure; if the authorization certificate is valid, determining whether the number of the current authorized programs reaches the maximum number of instances; if the number of the current authorized programs reaches the maximum number of instances, the obtained verification result is verification failure; and if the number of the current authorized programs does not reach the maximum number of the instances, the obtained verification result is successful.
Wherein the authorization certificate being invalid comprises the authorization certificate having expired.
For example, the server detects that the authorization certificate is a real authorization certificate, when the authorization date of the authorization certificate is from 2019, 2 months to 23, 2020, 2 months and 23, when the current date is 2020, 2 months and 24, the authorization certificate is invalid, the corresponding verification result is verification failure, and when the current date is 2020, 2 months and 20, the authorization certificate is valid, and the corresponding verification result is verification success.
In this example, the server can perform authorization verification on the target application program again according to the current authorization request to obtain a verification result when the time interval from the last authorization request to the current authorization request is greater than the reference time interval, so that the previous verification result is prevented from being directly used when the authorization certificate expires, and the validity of the target application program authentication is improved.
24. If the verification result is that the verification is successful, generating first response data, and sending the first response data to the electronic device, where the first response data includes an authorization success identifier, and the authorization success identifier is used to indicate the electronic device to run the target application program.
As can be seen, in this example, the server can perform authorization verification on the target application program according to the current authorization request, and if the verification is successful, generate first response data including an authorization success identifier, and send the first response data to the corresponding electronic device, and instruct the electronic device to run the target application program through the authorization success identifier, thereby expanding an application program authorization authentication mechanism and improving intelligence of the server.
In one possible example, after determining whether the current authorization request is a first request for the target application, the method further includes: if the current authorization request is a first request aiming at the target application program, authorization verification is carried out on the target application program according to the current authorization request to obtain a verification result; and if the verification result is that the verification is successful, generating the first response data and sending the first response data to the electronic equipment.
Wherein, the authorization verification is performed on the target application program according to the current authorization request, and the verification result is obtained as described above, please refer to the foregoing description, which is not described herein again.
If the verification result is that the verification is successful, the first response data is generated and sent to the electronic device in the foregoing description, please refer to the foregoing description, which is not described herein again.
As can be seen, in this example, after determining that the current authorization request is the first request for the target application program, the server can perform authorization verification on the target application program according to the current authorization request, and generate first response data when the verification result is that the verification is successful, and send the first response data to the electronic device to control the electronic device to run the target application program, so that the intelligence of the server in performing authorization on the target application program is improved.
In one possible example, the server generating first response data and transmitting the first response data to the electronic device includes: the server judges whether the current authorized application program reaches the target number; and if the current authorized application program does not reach the target quantity, generating the first response data and sending the first response data to the electronic equipment.
The target number may be 10, the target number may also be 15, and the target number may also be other numbers, which are not specifically limited.
For example, the number of targets is 10, and if the number of currently authorized programs is 9, the first response data is generated, where the first response data includes an authorization success identifier, and the authorization success identifier is used to instruct the electronic device to run the target application program. And transmitting the first response data to the electronic device.
As can be seen, in this example, the server can generate the first response data when the current authorized application program does not reach a certain number, and send the first response data to the electronic device to control the electronic device to run the target application program, so as to improve the intelligence of the server in authorizing the application program.
In one possible example, the method further comprises: if the verification result is that the verification is unsuccessful, generating second response data, and sending the second response data to the electronic device, wherein the second response data comprises an authorization failure identifier, and the authorization failure identifier is used for indicating the electronic device to stop running the target application program; if the time interval is smaller than or equal to the reference time interval, generating the first response data and sending the first response data to the electronic equipment; and if the current authorized application program reaches the target number, generating the second response data, and sending the second response data to the electronic equipment.
For example, in practical applications, if the verification result is that the verification is unsuccessful, second response data is generated and sent to the electronic device, where the second response data includes an authorization failure identifier, and the authorization failure identifier is used to indicate that the electronic device stops running the target application program.
For example, in practical applications, if the time interval is 15 hours and the reference time interval is 24 hours, the first response data is generated and sent to the electronic device.
For example, in practical applications, if the number of the currently-authorized applications is 10 and the target number is 10, that is, the currently-authorized applications reach the target number, the second response data is generated and sent to the electronic device.
As can be seen, in this example, the server can generate the authorization failure flag to stop the electronic device from running the currently-processed target application when the verification result is that the verification is unsuccessful and the current authorized application reaches the target number, and the server can make the electronic device continue to run the currently-processed target application at a time interval that is less than or equal to the reference time interval, so as to improve the intelligence of the server in performing the application authorization.
In one possible example, the current authorization request is obtained by performing any one of the following operations for the electronic device: when the target application program is detected to be opened, generating the current authorization request; after the target application program is opened, generating the current authorization request according to a preset time interval; and generating the current authorization request when detecting that the calling times of the target function in the target application program reach the reference times.
The preset time interval may be half an hour, the preset time interval may also be one hour, the preset time interval may be two hours, the preset time interval may also be other values, the preset time interval is not limited at all, and the user may preset the preset time interval according to actual needs.
The target function in the target application program may be one function in the target application program, the target function in the target application program may be multiple functions in the target application program, different target application programs may correspond to different target functions, the reference times corresponding to different target functions may be the same, and the reference times corresponding to different target functions may also be different. The reference number may be 5, 10, 20, or another value, and is not limited at all, and the user may preset the reference number according to actual needs.
Further, when the target function in the target application program is a plurality of functions in the target application program, the reference times corresponding to the plurality of functions may be completely the same, the reference times corresponding to the plurality of functions may not be completely the same, and the number of times that the target function in the target application program is called reaches the reference times may be that at least one of the number of times that the target function in the target application program is called reaches the reference times corresponding to the plurality of functions.
For example, when the target functions in the target application are two functions in the target application, the current authorization request is generated when the number of times of calling a first target function in the target application reaches a first reference number and/or the number of times of calling a second target function in the target application reaches a second reference number is detected.
Therefore, in this example, the target application in the electronic device can generate the current authorization request in time according to the running condition of the target application, and the timeliness of the server for performing the authorization of the target application program is improved.
Referring to fig. 3, fig. 3 is a flowchart illustrating another method for authorizing an application program according to an embodiment of the present application, where the method is applied to the electronic device shown in fig. 1, and as shown in fig. 3, the method for authorizing an application program includes:
s301, the electronic equipment sends a current authorization request aiming at the target application program to the server;
s302, the electronic equipment receives response data from the server, wherein the response data is obtained by the server performing authorization service according to the current authorization request;
s303, the electronic equipment controls the target application program according to the response data.
It can be seen that, in the embodiment of the present application, the electronic device first sends the current authorization request for the target application to the server, then receives the response data from the server, where the response data is obtained by the server performing authorization service according to the current authorization request, and finally controls the target application according to the response data. Therefore, the electronic device can send the current authorization request aiming at the target application program to the server to obtain the response data from the server, and finally, the target application program is controlled according to the response data.
In one possible example, the server performs an authorization service according to the current authorization request, including:
when receiving a current authorization request aiming at the target application program from the electronic equipment, judging whether the current authorization request is a first request aiming at the target application program;
if the current authorization request is not the first request aiming at the target application program, judging whether the time interval from the last authorization request to the current authorization request is greater than a reference time interval or not;
if the time interval is larger than the reference time interval, authorization verification is carried out on the target application program according to the current authorization request, and a verification result is obtained;
if the verification result is that the verification is successful, generating first response data, and sending the first response data to the electronic device, wherein the first response data comprises an authorization success identifier, and the authorization success identifier is used for indicating the electronic device to run the target application program;
if the authorization request is a first request aiming at the target application program, authorization verification is carried out on the target application program according to the current authorization request to obtain a verification result;
and if the verification result is that the verification is successful, generating the first response data and sending the first response data to the electronic equipment.
In one possible example, the generating and sending the first response data to the electronic device includes:
judging whether the current authorized application program reaches the target number;
and if the current authorized application program does not reach the target quantity, generating the first response data and sending the first response data to the electronic equipment.
In one possible example, the method further comprises: if the verification result is that the verification is unsuccessful, generating second response data, and sending the second response data to the electronic device, wherein the second response data comprises an authorization failure identifier, and the authorization failure identifier is used for indicating the electronic device to stop running the target application program; if the time interval is smaller than or equal to the reference time interval, generating the first response data and sending the first response data to the electronic equipment; and if the current authorized application program reaches the target number, generating second response data and sending the second response data to the electronic equipment.
Referring to fig. 4 in accordance with the embodiment shown in fig. 2, fig. 4 is a schematic structural diagram of a server 400 provided in an embodiment of the present application, as shown in fig. 4, the server 400 includes an application processor 410, a memory 420, a communication interface 430, and one or more programs 421, where the one or more programs 421 are stored in the memory 420 and configured to be executed by the application processor 410, and the one or more programs 421 include instructions for performing the following steps;
when the encryption lock is detected, starting an authorization service function of the local terminal;
receiving a current secondary authorization request from the electronic device for the target application;
and performing authorization service according to the current authorization request.
It can be seen that, in the embodiment of the present application, the server starts the authorization service function of the home terminal when detecting the encryption lock, receives the current authorization request from the electronic device for the target application program, and performs the authorization service according to the current authorization request. Therefore, the authorization service process of the target application program is transferred to the server, and the server is directly communicated with the electronic equipment for authorization, so that the problem that the target application program cannot accurately read the hardware information of the machine in the running environment of the target application program is solved.
In one possible example, the instructions of the one or more programs 421 are specifically configured to, in the aspect of generating and sending the first response data to the electronic device, perform the following steps: judging whether the current authorization request is a first request aiming at the target application program; if the current authorization request is not the first request aiming at the target application program, judging whether the time interval from the last authorization request to the current authorization request is greater than a reference time interval or not; if the time interval is larger than the reference time interval, authorization verification is carried out on the target application program according to the current authorization request, and a verification result is obtained; if the verification result is that the verification is successful, generating first response data, and sending the first response data to the electronic device, where the first response data includes an authorization success identifier, and the authorization success identifier is used to indicate the electronic device to run the target application program.
In one possible example, the one or more programs 421 further include instructions for performing the steps of: after judging whether the current authorization request is a first request aiming at the target application program or not, if the authorization request is the first request aiming at the target application program, carrying out authorization verification on the target application program according to the current authorization request to obtain a verification result; and if the verification result is that the verification is successful, generating the first response data and sending the first response data to the electronic equipment.
In one possible example, the instructions of the one or more programs 421 are specifically configured to, in the aspect of generating and sending the first response data to the electronic device, perform the following steps: judging whether the current authorized application program reaches the target number; and if the current authorized application program does not reach the target quantity, generating the first response data and sending the first response data to the electronic equipment.
In one possible example, the one or more programs 421 further include instructions for performing the steps of: if the verification result is that the verification is unsuccessful, generating second response data, and sending the second response data to the electronic device, wherein the second response data comprises an authorization failure identifier, and the authorization failure identifier is used for indicating the electronic device to stop running the target application program; if the time interval is smaller than or equal to the reference time interval, generating the first response data and sending the first response data to the electronic equipment; and if the current authorized application program reaches the target number, generating the second response data, and sending the second response data to the electronic equipment.
In one possible example, the current authorization request is obtained by performing any one of the following operations for the electronic device: when the target application program is detected to be opened, generating the current authorization request; after the target application program is opened, generating the current authorization request according to a preset time interval; and generating the current authorization request when detecting that the calling times of the target function in the target application program reach the reference times.
Referring to fig. 5 in accordance with the embodiment shown in fig. 3, fig. 5 is a schematic structural diagram of an electronic device 500 provided in an embodiment of the present application, and as shown in fig. 5, the electronic device 500 includes an application processor 510, a memory 520, a communication interface 530, and one or more programs 521, where the one or more programs 521 are stored in the memory 520 and configured to be executed by the application processor 510, and the one or more programs 521 include instructions for performing the following steps;
sending a current time authorization request for the target application to the server;
receiving response data from the server, wherein the response data is obtained by the server performing authorization service according to the current authorization request;
and controlling the target application program according to the response data.
It can be seen that, in the embodiment of the present application, the electronic device first sends the current authorization request for the target application to the server, then receives the response data from the server, where the response data is obtained by the server performing authorization service according to the current authorization request, and finally controls the target application according to the response data. Therefore, the electronic equipment can send the current authorization request aiming at the target application program to the server so as to obtain the response data from the server, and finally, the target application program is controlled according to the response data, so that the authorization accuracy of the application program is improved.
In one possible example, the server performs an authorization service according to the current authorization request, including: when receiving a current authorization request aiming at the target application program from the electronic equipment, judging whether the current authorization request is a first request aiming at the target application program; if the current authorization request is not the first request aiming at the target application program, judging whether the time interval from the last authorization request to the current authorization request is greater than a reference time interval or not; if the time interval is larger than the reference time interval, authorization verification is carried out on the target application program according to the current authorization request, and a verification result is obtained; if the verification result is that the verification is successful, generating first response data, and sending the first response data to the electronic device, wherein the first response data comprises an authorization success identifier, and the authorization success identifier is used for indicating the electronic device to run the target application program; if the authorization request is a first request aiming at the target application program, authorization verification is carried out on the target application program according to the current authorization request to obtain a verification result; and if the verification result is that the verification is successful, generating the first response data and sending the first response data to the electronic equipment.
In one possible example, the generating and sending the first response data to the electronic device includes: judging whether the current authorized application program reaches the target number; and if the current authorized application program does not reach the target quantity, generating the first response data and sending the first response data to the electronic equipment.
In one possible example, the method further comprises: if the verification result is that the verification is unsuccessful, generating second response data, and sending the second response data to the electronic device, wherein the second response data comprises an authorization failure identifier, and the authorization failure identifier is used for indicating the electronic device to stop running the target application program; if the time interval is smaller than or equal to the reference time interval, generating the first response data and sending the first response data to the electronic equipment; and if the current authorized application program reaches the target number, generating second response data and sending the second response data to the electronic equipment.
In accordance with the embodiment shown in fig. 2, fig. 6 is a block diagram of functional units of an application program authorization apparatus provided in the embodiment of the present application, the application program authorization apparatus 600 is applied to the server shown in fig. 1, as shown in fig. 6, the application program authorization apparatus 600 includes a processing unit 601 and a communication unit 602, wherein,
the processing unit 601 is configured to start an authorization service function of the home terminal when the encryption lock is detected; and for receiving, via the communication unit 602, a current secondary authorization request from the electronic device for the target application; and the authorization server is used for performing authorization service according to the current authorization request.
The apparatus 600 may further include a storage unit 603 for storing data and program generations of the server. The processing unit 601 may be a processor, the communication unit 602 may be an internal communication interface, and the storage unit 603 may be a memory.
It can be seen that, in the embodiment of the present application, the server starts the authorization service function of the home terminal when detecting the encryption lock, receives the current authorization request from the electronic device for the target application program, and performs the authorization service according to the current authorization request. Therefore, the authorization service process of the target application program is transferred to the server, and the server is directly communicated with the electronic equipment for authorization, so that the problem that the target application program cannot accurately read the hardware information of the machine in the running environment of the target application program is solved.
In a possible example, in terms of performing the authorization service according to the current authorization request, the processing unit 601 is specifically configured to: judging whether the current authorization request is a first request aiming at the target application program; if the current authorization request is not the first request aiming at the target application program, judging whether the time interval from the last authorization request to the current authorization request is greater than a reference time interval or not; if the time interval is larger than the reference time interval, authorization verification is carried out on the target application program according to the current authorization request, and a verification result is obtained; if the verification result is that the verification is successful, generating first response data, and sending the first response data to the electronic device, where the first response data includes an authorization success identifier, and the authorization success identifier is used to indicate the electronic device to run the target application program.
In one possible example, the processing unit 601 is further configured to: when the current authorization request for the target application program from the electronic equipment is received, after whether the current authorization request is a first request for the target application program is judged, if the authorization request is the first request for the target application program, authorization verification is performed on the target application program according to the current authorization request, and a verification result is obtained; and if the verification result is that the verification is successful, generating the first response data and sending the first response data to the electronic equipment.
In one possible example, in terms of generating first response data and sending the first response data to the electronic device, the processing unit 601 is specifically configured to: judging whether the current authorized application program reaches the target number; and if the current authorized application program does not reach the target quantity, generating the first response data and sending the first response data to the electronic equipment.
In one possible example, the processing unit 601 is further configured to: if the verification result is that the verification is unsuccessful, generating second response data, and sending the second response data to the electronic device, wherein the second response data comprises an authorization failure identifier, and the authorization failure identifier is used for indicating the electronic device to stop running the target application program; if the time interval is smaller than or equal to the reference time interval, generating the first response data and sending the first response data to the electronic equipment; and if the current authorized application program reaches the target number, generating the second response data, and sending the second response data to the electronic equipment.
In one possible example, the current authorization request is obtained by performing any one of the following operations for the electronic device: when the target application program is detected to be opened, generating the current authorization request; after the target application program is opened, generating the current authorization request according to a preset time interval; and generating the current authorization request when detecting that the calling times of the target function in the target application program reach the reference times.
In accordance with the embodiment shown in fig. 3, fig. 7 is a block diagram of functional units of an application program authorization apparatus provided in an embodiment of the present application, the application program authorization apparatus 700 is applied to the electronic device shown in fig. 1, as shown in fig. 7, the application program authorization apparatus 700 includes a processing unit 701 and a communication unit 702, wherein,
the processing unit 701 is configured to send a current secondary authorization request for the target application to the server through the communication unit 702; the response data is obtained by the server performing authorization service according to the current authorization request; and for controlling the target application in accordance with the response data.
The apparatus 700 may further include a storage unit 703 for storing data and program generations of the server. The processing unit 701 may be a processor, the communication unit 702 may be an internal communication interface, and the storage unit 703 may be a memory.
It can be seen that, in the embodiment of the present application, the electronic device first sends the current authorization request for the target application to the server, then receives the response data from the server, where the response data is obtained by the server performing authorization service according to the current authorization request, and finally controls the target application according to the response data. Therefore, the electronic equipment can send the current authorization request aiming at the target application program to the server so as to obtain the response data from the server, and finally, the target application program is controlled according to the response data, so that the authorization accuracy of the application program is improved.
In one possible example, the server performs an authorization service according to the current authorization request, including: when receiving a current authorization request aiming at the target application program from the electronic equipment, judging whether the current authorization request is a first request aiming at the target application program; if the current authorization request is not the first request aiming at the target application program, judging whether the time interval from the last authorization request to the current authorization request is greater than a reference time interval or not; if the time interval is larger than the reference time interval, authorization verification is carried out on the target application program according to the current authorization request, and a verification result is obtained; if the verification result is that the verification is successful, generating first response data, and sending the first response data to the electronic device, wherein the first response data comprises an authorization success identifier, and the authorization success identifier is used for indicating the electronic device to run the target application program; if the authorization request is a first request aiming at the target application program, authorization verification is carried out on the target application program according to the current authorization request to obtain a verification result; and if the verification result is that the verification is successful, generating the first response data and sending the first response data to the electronic equipment.
In one possible example, the generating and sending the first response data to the electronic device includes: judging whether the current authorized application program reaches the target number; and if the current authorized application program does not reach the target quantity, generating the first response data and sending the first response data to the electronic equipment.
In one possible example, the method further comprises: if the verification result is that the verification is unsuccessful, generating second response data, and sending the second response data to the electronic device, wherein the second response data comprises an authorization failure identifier, and the authorization failure identifier is used for indicating the electronic device to stop running the target application program; if the time interval is smaller than or equal to the reference time interval, generating the first response data and sending the first response data to the electronic equipment; and if the current authorized application program reaches the target number, generating second response data and sending the second response data to the electronic equipment.
Embodiments of the present application also provide a computer storage medium, wherein the computer storage medium stores a computer program for electronic data exchange, the computer program causes a computer to execute part or all of the steps of any one of the methods described in the method embodiments, and the computer includes an electronic device.
Embodiments of the present application also provide a computer program product comprising a non-transitory computer readable storage medium storing a computer program operable to cause a computer to perform some or all of the steps of any of the methods as recited in the method embodiments. The computer program product may be a software installation package, said computer comprising electronic means.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
In the embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implementing, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of some interfaces, devices or units, and may be an electric or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable memory. Based on such understanding, the technical solution of the present application may be substantially implemented or a part of or all or part of the technical solution contributing to the prior art may be embodied in the form of a software product stored in a memory, and including several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the above-mentioned method of the embodiments of the present application. And the aforementioned memory comprises: various media capable of storing program codes, such as a usb disk, a Read-only memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable memory, which may include: flash memory disks, Read-only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The foregoing detailed description of the embodiments of the present application has been presented to illustrate the principles and implementations of the present application, and the above description of the embodiments is only provided to help understand the method and the core concept of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
The terms "first," "second," and the like in the description and claims of the present application and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
The electronic device according to the embodiments of the present application may include various handheld devices, vehicle-mounted devices, wearable devices, computing devices or other processing devices connected to a wireless modem, and various forms of User Equipment (UE), Mobile Stations (MS), terminals (terminal), and so on.

Claims (12)

1. An application program authorization method, applied to a server in an application program authorization system, where the application program authorization system includes an electronic device and the server, and the electronic device includes a target application program, and the method includes:
when the encryption lock is detected, starting an authorization service function of the local terminal;
receiving a current secondary authorization request from the electronic device for the target application;
and performing authorization service according to the current authorization request.
2. The method of claim 1, wherein the performing authorization service according to the current authorization request comprises:
judging whether the current authorization request is a first request aiming at the target application program;
if the current authorization request is not the first request aiming at the target application program, judging whether the time interval from the last authorization request to the current authorization request is greater than a reference time interval or not;
if the time interval is larger than the reference time interval, authorization verification is carried out on the target application program according to the current authorization request, and a verification result is obtained;
if the verification result is that the verification is successful, generating first response data, and sending the first response data to the electronic device, where the first response data includes an authorization success identifier, and the authorization success identifier is used to indicate the electronic device to run the target application program.
3. The method of claim 2, wherein after determining whether the current authorization request is a first request for the target application, the method further comprises:
if the current authorization request is a first request aiming at the target application program, authorization verification is carried out on the target application program according to the current authorization request to obtain a verification result;
and if the verification result is that the verification is successful, generating the first response data and sending the first response data to the electronic equipment.
4. The method of claim 2, wherein generating and transmitting first response data to the electronic device comprises:
judging whether the current authorized application program reaches the target number;
and if the current authorized application program does not reach the target quantity, generating the first response data and sending the first response data to the electronic equipment.
5. The method of claim 4, further comprising:
if the verification result is that the verification is unsuccessful, generating second response data, and sending the second response data to the electronic device, wherein the second response data comprises an authorization failure identifier, and the authorization failure identifier is used for indicating the electronic device to stop running the target application program;
if the time interval is smaller than or equal to the reference time interval, generating the first response data and sending the first response data to the electronic equipment;
and if the current authorized application program reaches the target number, generating the second response data, and sending the second response data to the electronic equipment.
6. The method according to any one of claims 1 to 5, wherein the current time authorization request is obtained by performing any one of the following operations for the electronic device:
when the target application program is detected to be opened, generating the current authorization request;
after the target application program is opened, generating the current authorization request according to a preset time interval;
and generating the current authorization request when detecting that the calling times of the target function in the target application program reach the reference times.
7. An application program authorization method applied to an electronic device in an application program authorization system, wherein the application program authorization system comprises the electronic device and a server, and a target application program is included in the electronic device, the method comprising:
sending a current time authorization request for the target application to the server;
receiving response data from the server, wherein the response data is obtained by the server performing authorization service according to the current authorization request;
and controlling the target application program according to the response data.
8. An application program authorization apparatus, applied to a server in an application program authorization system, the application program authorization system including an electronic device and the server, the electronic device including a target application program, the application program authorization apparatus including a processing unit and a communication unit, wherein,
the processing unit is used for starting the authorization service function of the local terminal when the encryption lock is detected; and for receiving, by the communication unit, a current secondary authorization request from the electronic device for the target application; and the authorization server is used for performing authorization service according to the current authorization request.
9. An application program authorization apparatus, applied to an electronic device in an application program authorization system, the application program authorization system comprising the electronic device and a server, the electronic device comprising a target application program, the application program authorization apparatus comprising a processing unit and a communication unit, wherein,
the processing unit is used for sending a current authorization request aiming at the target application program to the server through the communication unit; the response data is obtained by the server performing authorization service according to the current authorization request; and for controlling the target application in accordance with the response data.
10. A server, comprising a processor, memory, a communication interface, and one or more programs stored in the memory and configured to be executed by the processor, the programs including instructions for performing the steps in the method of any of claims 1-6.
11. An electronic device comprising a processor, a memory, a communication interface, and one or more programs stored in the memory and configured to be executed by the processor, the programs comprising instructions for performing the steps in the method of claim 7.
12. A computer-readable storage medium, characterized in that a computer program for electronic data exchange is stored, wherein the computer program causes a computer to perform the method according to any one of claims 1-7.
CN202010134496.7A 2020-02-29 2020-02-29 Application program authorization method and related product Pending CN113326483A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010134496.7A CN113326483A (en) 2020-02-29 2020-02-29 Application program authorization method and related product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010134496.7A CN113326483A (en) 2020-02-29 2020-02-29 Application program authorization method and related product

Publications (1)

Publication Number Publication Date
CN113326483A true CN113326483A (en) 2021-08-31

Family

ID=77412905

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010134496.7A Pending CN113326483A (en) 2020-02-29 2020-02-29 Application program authorization method and related product

Country Status (1)

Country Link
CN (1) CN113326483A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113779511A (en) * 2021-09-14 2021-12-10 湖南麒麟信安科技股份有限公司 Software authorization method, device, server and readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1819512A (en) * 2006-03-17 2006-08-16 北京飞天诚信科技有限公司 Information safety protecting method and protector based on network software
CN101291333A (en) * 2008-05-19 2008-10-22 北京深思洛克数据保护中心 Controlling method of used node number by network software
CN104635543A (en) * 2015-01-22 2015-05-20 腾讯科技(北京)有限公司 Method and device for carrying out management operation
CN105635082A (en) * 2014-11-12 2016-06-01 北大方正集团有限公司 Dynamic authorization method and system, authorization center, and authorization client
US20180218140A1 (en) * 2017-01-27 2018-08-02 International Business Machines Corporation Encryption authorization dongle having volatile memory

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1819512A (en) * 2006-03-17 2006-08-16 北京飞天诚信科技有限公司 Information safety protecting method and protector based on network software
CN101291333A (en) * 2008-05-19 2008-10-22 北京深思洛克数据保护中心 Controlling method of used node number by network software
CN105635082A (en) * 2014-11-12 2016-06-01 北大方正集团有限公司 Dynamic authorization method and system, authorization center, and authorization client
CN104635543A (en) * 2015-01-22 2015-05-20 腾讯科技(北京)有限公司 Method and device for carrying out management operation
US20180218140A1 (en) * 2017-01-27 2018-08-02 International Business Machines Corporation Encryption authorization dongle having volatile memory

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
朱启辉;黄琼;: "基于SaaS的软件在线授权机制的研究与设计", 计算机工程与设计, no. 03, 16 March 2015 (2015-03-16) *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113779511A (en) * 2021-09-14 2021-12-10 湖南麒麟信安科技股份有限公司 Software authorization method, device, server and readable storage medium

Similar Documents

Publication Publication Date Title
CN110798466B (en) Verification method and system for software license in virtual machine scene
CN107426235B (en) Authority authentication method, device and system based on equipment fingerprint
CN107145769B (en) Digital Rights Management (DRM) method, equipment and system
CN113132404B (en) Identity authentication method, terminal and storage medium
CN107818253B (en) Face template data entry control method and related product
CN107277017A (en) Purview certification method, apparatus and system based on encryption key and device-fingerprint
CN111131300A (en) Communication method, terminal and server
CN107204985A (en) Purview certification method based on encryption key, apparatus and system
CN114339755A (en) Registration verification method and device, electronic equipment and computer readable storage medium
CN113312674A (en) Access security method and system based on multi-factor environment perception digital certificate
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN111770087A (en) Service node verification method and related equipment
CN105577606B (en) A kind of method and apparatus for realizing authenticator registration
CN103559430B (en) application account management method and device based on Android system
CN113326483A (en) Application program authorization method and related product
CN107241341B (en) Access control method and device
CN117528504A (en) Proximity communication method and target communication system
CN117254969A (en) Registration authentication method for intelligent equipment accessing to Internet of things system
CN110971609A (en) Anti-cloning method of DRM client certificate, storage medium and electronic equipment
CN108574657B (en) Server access method, device and system, computing equipment and server
CN112084485B (en) Data acquisition method, device, equipment and computer storage medium
CN115563588A (en) Software offline authentication method and device, electronic equipment and storage medium
CN111246480A (en) Application communication method, system, equipment and storage medium based on SIM card
CN112260997A (en) Data access method and device, computer equipment and storage medium
CN111597545A (en) Authorization management method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination