[go: up one dir, main page]

CN120068024A - Method for designing software online authorization system - Google Patents

Method for designing software online authorization system Download PDF

Info

Publication number
CN120068024A
CN120068024A CN202411905187.XA CN202411905187A CN120068024A CN 120068024 A CN120068024 A CN 120068024A CN 202411905187 A CN202411905187 A CN 202411905187A CN 120068024 A CN120068024 A CN 120068024A
Authority
CN
China
Prior art keywords
authorization
platform
verification
product
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411905187.XA
Other languages
Chinese (zh)
Inventor
吴童
郑淑贤
李元奎
董贤坤
何苗苗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aerospace Information Shandong Technology Co ltd
Original Assignee
Aerospace Information Shandong Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aerospace Information Shandong Technology Co ltd filed Critical Aerospace Information Shandong Technology Co ltd
Priority to CN202411905187.XA priority Critical patent/CN120068024A/en
Publication of CN120068024A publication Critical patent/CN120068024A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/20Software design
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/30Creation or generation of source code
    • G06F8/38Creation or generation of source code for implementing user interfaces

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

发明公开了一种软件在线授权体系设计的方法,具体涉及软件授权领域,包括如下步骤:步骤S1,搭建系统间关系;步骤S2,设计前端界面、后端服务、数据库和安全机制;步骤S3,对用户、客户、产品和授权进行管理,并生成报表;步骤S4,对核心应用进行授权验证和版本信息收集。本发明使得软件保护强度大大提高,能够有效防止未经授权的用户使用软件,可以通过自动化的方式完成授权过程,用户只需在软件激活使用时连接服务器进行认证即可,大大提高了软件使用的便捷性,支持云端软件、移动应用等各种形式的软件授权,使得软件开发商能够更灵活地管理软件授权,满足不同用户的需求。

The invention discloses a method for designing a software online authorization system, which specifically relates to the field of software authorization, and includes the following steps: step S1, building a relationship between systems; step S2, designing a front-end interface, back-end services, databases, and security mechanisms; step S3, managing users, customers, products, and authorizations, and generating reports; step S4, performing authorization verification and version information collection on core applications. The invention greatly improves the software protection strength, can effectively prevent unauthorized users from using the software, can complete the authorization process in an automated manner, and users only need to connect to the server for authentication when the software is activated and used, which greatly improves the convenience of software use, supports various forms of software authorization such as cloud software and mobile applications, and enables software developers to manage software authorization more flexibly to meet the needs of different users.

Description

Method for designing software online authorization system
Technical Field
The invention relates to the field of software authorization, in particular to a method for designing a software online authorization system.
Background
With the rapid development of the software industry, the value of software products is increasingly prominent, and thus, the need for software protection is also increasingly urgent. Traditional software protection methods, such as hardware-based dongles, serial number verification and the like, have a certain protection effect, but have a plurality of limitations. For example, hardware dongles are easily lost or damaged, while serial number verification is easily broken or shared. Therefore, a more efficient, convenient and safe way of protecting software is needed.
With the rapid development of internet technology, online authorization of software becomes possible. Through the internet technology, a software developer can establish a cloud authorization server to realize the online storage and management of authorization information. When the user uses the software, the user can obtain the use authority of the software only by communicating with the cloud server to verify the authorization information. The method not only improves the convenience of the authorization process, but also reduces the management cost and enhances the security of the authorization information.
With the popularization of technologies such as cloud computing and mobile internet, software distribution and use scenarios become more and more diversified. Traditional software authorization methods cannot meet the diversified demands of modern software products. For example, in a cloud computing environment, software products are typically provided to users in the form of SaaS (software as a service), which requires an online authorization approach that can accommodate the cloud computing environment. In addition, with the popularity of mobile devices, the authorization management of mobile applications is becoming increasingly important. Thus, there is a need for an online authorization system that can be adapted for a variety of distribution and usage scenarios.
Limitations of existing authorization schemes
The authorization management is inconvenient, namely, a software developer needs to manually manage the authorization information of the user, so that the management cost is increased and errors are more likely to occur.
The security is insufficient, and the traditional authorization mode is easy to crack or steal, so that the copyright of the software product is infringed.
To address these issues, software online authorization systems have evolved. The method realizes the authorization and management of the software in an online mode, can greatly improve the convenience and safety of the authorization process, reduces the management cost, and is suitable for diversified software distribution and use scenes.
In the design of software online authorization systems, there are already some implementations similar to the present invention. These schemes mainly include the following:
1. cloud-based software authorization scheme:
The scheme stores the authorization information on the cloud server, wherein the authorization information comprises an authorization code, a validity period, a use range and the like, and a user needs to communicate with the cloud server to verify the authorization information when using software. Real-time authorization management and monitoring are realized, and the change of the authorization state can be responded rapidly. The client software comprises a module which is communicated with the cloud authorization server and is responsible for sending an authorization verification request and receiving a verification result. The authorization process is convenient, the management cost is low, the security is high (because the authorization information is not stored locally), but depending on the network connection, the problem of network delay or interruption may exist, and the user experience is affected.
2. Authorization scheme based on hardware features:
The scheme generates unique hardware identification by collecting hardware characteristics (such as CPU serial number, hard disk serial number, MAC address, etc.) of a computer. Binding the authorization information with the hardware identification ensures that only specific hardware devices can use the software. The user side software collects hardware characteristics when being installed or run for the first time, and generates a hardware identifier. And sending the hardware identification and the authorization information to a cloud server for verification. After the verification is passed, the user side software obtains the use authority of the software. This approach increases the security of authorization because hardware features are difficult to replicate, but the acquisition and verification process of hardware features may be complex and re-authorization may be required when hardware is replaced or upgraded.
3. Hybrid authorization scheme:
The scheme combines the characteristics of a cloud-based software authorization scheme and a hardware feature-based authorization scheme. The convenience and the management cost of the authorization process are considered, and the security of the authorization is also considered. And the user side software interacts with the cloud server and the local hardware features at the same time. The cloud server stores and manages the authorization information and performs real-time authorization verification. The local hardware feature is used to generate a unique hardware identification that is verified along with the authorization information. This approach combines the advantages of both schemes, both convenient and safe, but the system may be relatively complex, requiring the simultaneous processing of both cloud and local authentication logic.
In order to solve the above problems, a technical solution is now provided.
Disclosure of Invention
In order to overcome the above-mentioned drawbacks of the prior art, an embodiment of the present invention provides a method for designing an online authorization system of software to solve the above-mentioned problems in the prior art.
In order to achieve the above purpose, the present invention provides the following technical solutions:
A method for designing a software online authorization system comprises the following steps:
Step S1, building a relation among systems;
step S2, designing a front-end interface, a back-end service, a database and a security mechanism;
Step S3, managing users, clients, products and authorizations and generating reports;
And S4, carrying out authorization verification and version information collection on the core application.
In a preferred embodiment, step S1 specifically includes the following:
establishing a connection mechanism of a platform online authorization verification service and an enterprise product, verifying the authorization condition of the enterprise product in real time, and acquiring the version and the running state of the enterprise product through an information acquisition service;
designing an interaction mode of a middle product and an authorization platform, acquiring authorization conditions according to a module by the middle product, and judging the authorization conditions when interacting with other applications;
a mechanism for a setting platform to acquire customer information, login operator information and the association relation between operators and customers from a CRM system of a company;
docking of authorization approval process in the platform with the avigation office system;
Based on single sign-on, a unified identity management system of a platform and an internal system of a company is built.
In a preferred embodiment, step S2 specifically includes the following:
Developing a front-end interface adapting to the PC end and the mobile end, designing a back-end service based on a micro-service architecture, and dividing the back-end service into an authorization verification service, an authorization management service and a report statistics service;
selecting a relational database to store authorization data, customer information and product information;
the security mechanism adopts integrated SSL encryption transmission, API interface key verification, authority control and encryption storage.
In a preferred embodiment, step S3 specifically includes the following:
For business personnel, the platform provides single sign-on service, the platform is jumped to after logging in through the CRM system, and the CRM system provides login verification service by using the information of the CRM system, and the platform logging personnel logs in the platform after verifying the login information through the service;
for a platform non-business special user, an independent user management and login verification mechanism is constructed;
Presetting a default service personnel role in a platform, distributing corresponding rights, and automatically applying the role rights by a CRM single sign-on user;
The platform stores the basic information of the client, and the client ID or other unique identifiers are transmitted to obtain the detailed information of the client by calling a client detail query interface of the CRM system;
And displaying all authorization information of the clients in a list form on the platform, calling a client list query interface of the CRM system, and verifying the management authority of the login user on the clients.
In a preferred embodiment, step S3 specifically further includes the following:
authorizing a product manager to operate product information on the platform, including adding, editing and deleting product information;
Setting an authorization mode management function in the product information, and setting authorization rules including an authorization period, an authorization quantity and an authorization terminal according to the product characteristics and service requirements, wherein the authorization rules correspond to an authorization verification mode;
the products are classified and labeled.
In a preferred embodiment, step S3 specifically further includes the following:
Selecting a product to be authorized from the product management list, and setting corresponding verification standards according to the authorization mode of the selected product;
in a time authorization mode, recording a date for starting to take effect, and an authorization duration or an ending time;
in the authorized quantity mode, recording the total quantity which can be used;
In an authorized terminal mode, acquiring a terminal environment to form check code input;
Calling a CRM system interface to acquire a user list managed by a login person, selecting a client needing to generate authorization, and submitting an authorized production application after completion;
the approval and the approval process of the authorization application of the communication office system are automatically generated, and the result is returned to the platform after the approval is completed according to the approval process;
The platform sets approval role personnel to carry out in-platform approval, generates a unique authorization code of the authorization record after approval passes, automatically exports approved authorization, and generates an authorization file for offline authorization verification;
allowing the client to apply for renewal or upgrade authorization, executing corresponding operation after the client passes the audit, keeping the original authorization code unchanged, and generating a new authorization record;
Aiming at a user or a terminal with illegal behaviors, performing authorized cancellation operation, and giving a reminder when the user or the terminal applies for other authorized products;
Manually adjusting the generated authorization information, including prolonging the authorization period and increasing the authorization quantity, and generating a new authorization code after approval;
inquiring authorization information according to conditions such as products, clients, terminals, time and the like, wherein the conditions comprise authorized, unauthorized, expired, logged off and the like, so as to adjust the authorization strategy in time.
Recording historical information of each authorization operation, wherein the historical information covers authorization codes, authorization time, authorization objects and authorization modes;
Generating a report showing the whole condition, the authorized state and the client distribution condition of the authorized information, analyzing the authorized condition, and counting the sales quantity, the auxiliary sales amount and the profit of each product to form a sales report.
In a preferred embodiment, step S4 specifically includes the following:
The business personnel complete application of authorization information and related approval operation on the platform, when an authorized product is started or an authorization state is required to be verified according to a specified time, the product generates an authorization verification encryption request containing an authorization code, product information, a client name, a client tax number and a terminal verification code, and the authorization verification encryption request is sent to an authorization management platform through a network;
The terminal check code is generated by collecting, summarizing and encrypting hardware information of the product of the deployment enterprise end and is used for verifying an authorization mode by the terminal;
Aiming at a specific application scene, a middle-stage product forwarding mode is adopted, the self authorization of the middle-stage product is verified by sending a verification request to an authorization platform at regular time by the middle-stage, the middle-stage can request the middle-stage for authorization verification when the service is initiated by virtue of sales invoice management, entry invoice management and enterprise ticket pools of the middle-stage product application, the middle-stage firstly locally verifies whether the application authorization exists or not, and if the application authorization does not exist, the verification request is sent to the authorization platform without sending the application authorization request to the authorization platform at regular time;
After receiving the request, the authorization management platform analyzes various information in the request, firstly confirms whether the authorization record state is valid according to the authorization code, and then queries a database or caches to verify whether the authorization is in a normal range by combining the product, the authorization mode and the client information;
And the authorization management platform returns the verification result to the authorized product, and the authorized product executes corresponding operation according to the result.
In a preferred embodiment, step S4 specifically further includes the following:
integrating an authorization verification module in the authorized product, and being responsible for processing communication and verification logic between the authorization verification module and an authorization management platform, sending a verification request, receiving a verification result, executing reminding and disabling according to the result, inputting an authorization code obtained after approval of an authorization application by the verification module, and embedding a product code for sending the verification request to the authorization management platform;
The authorization management platform acquires version information from the authorized product, comprehensively knows popularization and coverage conditions of each version of the authorized product, and synchronously collects version information and authorization verification or independently collects the version information according to update frequency;
Setting a version parameter field in an authorization verification request, and automatically updating version information after the platform receives the request;
the platform stores the acquired version information and tracks the product version corresponding to each authorization.
The technical effects and advantages of the method for designing the software online authorization system are as follows:
1. Advanced encryption technology and multi-level security protection measures are adopted, the security of authorization information in the transmission and storage processes is ensured, the data leakage and illegal copying are effectively prevented, the functions of real-time monitoring and updating are ensured, the accuracy and the effectiveness of the authorization information are ensured, the change of the authorization state is responded in time, the illegal use of software is prevented, the application of an automatic management tool such as automatic distribution, updating and monitoring license and the like is reduced, the management cost is improved, the management efficiency is improved, the expanded modularized design is facilitated, the subsequent function upgrading and expanding are facilitated, and the change of software protection and management requirements is met;
2. the method has the advantages of simple and visual design of the authorization process, reduced learning cost of the user and improved operation efficiency of the user. Various authorization modes, such as online authorization, offline authorization and the like, are provided, so that the use scenes and the requirements of different users are adapted, the user experience is improved, personalized authorization services, such as purchase on demand, trial purchase and the like, can be provided in an expandable manner according to the use situations and the requirements of the users, and the use threshold of the users is reduced. Providing real-time license information, such as expiration reminding, upgrading reminding and the like, and helping users to better manage and use software;
3. The system supports various operating systems, browsers and equipment types, ensures that users can seamlessly use authorization functions on different platforms, is suitable for traditional software industries such as management, manufacture and the like, is also suitable for various business fields such as stock software, mass-sending software, game software, online working software and the like, can be integrated with other management systems inside a company, realizes sharing of data, is expandable in architecture, is intelligent and automatic in function, improves the management level and competitiveness of enterprises, is convenient for management of products and users, and reduces the cost of software protection, authorization, release and maintenance;
4. The method supports various authorization modes such as time authorization, function authorization, equipment authorization, quantity authorization and the like, provides a more flexible sales mode for a software developer, and authorizes a real-time updating function, so that the software developer can charge according to the use condition of a client, realize a sales mode according to use payment, collect use data, enable the software developer to perform product optimization and decision adjustment according to the use condition of the client, discover potential market opportunities and improvement points by analyzing user use data, and create more profit-making modes for the software developer;
5. The system has higher flexibility, can be properly adjusted and optimized according to actual conditions, for example, the system supports various data interfaces and file formats, is convenient for information interaction and sharing between a company and a software user, and simultaneously, the system also supports flexible configuration and custom function development so as to meet the continuously changing requirements and technical development of enterprises, thereby being beneficial to the enterprises to realize the flexibility and sustainable development of software product management.
Drawings
FIG. 1 is a flow chart of a method for designing a software online authorization system according to the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
FIG. 1 shows a method for designing a software online authorization system, which specifically comprises the following steps:
Step S1, building a relation among systems;
step S2, designing a front-end interface, a back-end service, a database and a security mechanism;
Step S3, managing users, clients, products and authorizations and generating reports;
And S4, carrying out authorization verification and version information collection on the core application.
The step S1 specifically comprises the following steps:
establishing a connection mechanism of a platform online authorization verification service and an enterprise product, verifying the authorization condition of the enterprise product in real time, and acquiring the version and the running state of the enterprise product through an information acquisition service;
designing an interaction mode of a middle product and an authorization platform, acquiring authorization conditions according to a module by the middle product, and judging the authorization conditions when interacting with other applications;
a mechanism for a setting platform to acquire customer information, login operator information and the association relation between operators and customers from a CRM system of a company;
docking of authorization approval process in the platform with the avigation office system;
Based on single sign-on, a unified identity management system of a platform and an internal system of a company is built.
It is necessary to supplement that unauthorized product use can be effectively prevented by verifying the authorization of the enterprise-side product in real time. The method can ensure that the software copyright of the software developer is not violated, and reduce the economic loss caused by piracy.
For example, a software company develops professional enterprise management software, and through the online authorization verification mechanism, only an enterprise who purchases authorization can be ensured to normally use the software, so that unauthorized illegal copying and use inside the enterprise are avoided.
And the version and running state information of the enterprise-side product are acquired, so that a software developer can know the use condition of the product in the enterprise in time. When software faults occur or upgrading is required, developers can more accurately locate problems and formulate upgrading strategies according to the information.
The step S2 specifically includes the following:
Developing a front-end interface adapting to the PC end and the mobile end, designing a back-end service based on a micro-service architecture, and dividing the back-end service into an authorization verification service, an authorization management service and a report statistics service;
selecting a relational database to store authorization data, customer information and product information;
the security mechanism adopts integrated SSL encryption transmission, API interface key verification, authority control and encryption storage.
The front-end interface of the PC end and the mobile end is developed and adapted, so that the requirement of a user on using software on different devices can be met. The software can be accessed and operated conveniently, both by the user working in the office with the PC and by the user who needs to process the business through the mobile terminal at the business trip.
The back-end service is designed based on the micro-service architecture, and the system is divided into modules such as an authorization verification service, an authorization management service, a report statistics service and the like, so that each service can be independently deployed, operated and expanded. If one of the services fails, for example, the authorization verification service fails, the normal operation of the authorization management service and the report statistics service is not affected, and the availability of the whole system is improved.
The step S3 specifically comprises the following steps:
For business personnel, the platform provides single sign-on service, the platform is jumped to after logging in through the CRM system, and the CRM system provides login verification service by using the information of the CRM system, and the platform logging personnel logs in the platform after verifying the login information through the service;
for a platform non-business special user, an independent user management and login verification mechanism is constructed;
Presetting a default service personnel role in a platform, distributing corresponding rights, and automatically applying the role rights by a CRM single sign-on user;
The platform stores the basic information of the client, and the client ID or other unique identifiers are transmitted to obtain the detailed information of the client by calling a client detail query interface of the CRM system;
And displaying all authorization information of the clients in a list form on the platform, calling a client list query interface of the CRM system, and verifying the management authority of the login user on the clients.
The platform provides single sign-on service, and business personnel can directly jump to the platform after logging in through the CRM system without inputting account numbers and passwords again. The login process is greatly simplified, the time of business personnel is saved, and the working efficiency is improved.
Independent user management and login verification mechanisms are built for platform non-business special users (such as business department, approval, lead inquiry, system management and the like), and customized authority setting and management can be carried out according to special requirements of the users.
And displaying all the authorization information of the clients in a list form on the platform, and verifying the management authority of the logged-in user on the clients by calling a client list query interface of the CRM system, so that the user with the management authority can be ensured to be capable of operating the client authorization.
For example, when a business person wants to view or modify the software authorization information of a certain client, the platform can verify whether the platform has the management authority of the client through the CRM system, so that an unauthorized user is prevented from misoperation on the client authorization.
The step S3 specifically further comprises the following contents:
authorizing a product manager to operate product information on the platform, including adding, editing and deleting product information;
Setting an authorization mode management function in the product information, and setting authorization rules including an authorization period, an authorization quantity and an authorization terminal according to the product characteristics and service requirements, wherein the authorization rules correspond to an authorization verification mode;
the products are classified and labeled.
It is necessary to supplement that the authorized product manager can directly perform the operations of adding, editing and deleting the product information on the platform, so that the maintenance of the product information becomes efficient and convenient. For example, when a new software product is pushed out, an administrator can quickly add information such as product name, version, code, description, default authorization mode and the like to the platform, so that the product can enter the authorization management flow in time.
For updating of product information, such as product description modification after upgrading of a software version, an administrator can quickly complete the updating through an editing function, and timeliness and accuracy of the product information on the platform are guaranteed.
The step S3 specifically further comprises the following contents:
Selecting a product to be authorized from the product management list, and setting corresponding verification standards according to the authorization mode of the selected product;
in a time authorization mode, recording a date for starting to take effect, and an authorization duration or an ending time;
in the authorized quantity mode, recording the total quantity which can be used;
In an authorized terminal mode, acquiring a terminal environment to form check code input;
Calling a CRM system interface to acquire a user list managed by a login person, selecting a client needing to generate authorization, and submitting an authorized production application after completion;
the approval and the approval process of the authorization application of the communication office system are automatically generated, and the result is returned to the platform after the approval is completed according to the approval process;
The platform sets approval role personnel to carry out in-platform approval, generates a unique authorization code of the authorization record after approval passes, automatically exports approved authorization, and generates an authorization file for offline authorization verification;
allowing the client to apply for renewal or upgrade authorization, executing corresponding operation after the client passes the audit, keeping the original authorization code unchanged, and generating a new authorization record;
Aiming at a user or a terminal with illegal behaviors, performing authorized cancellation operation, and giving a reminder when the user or the terminal applies for other authorized products;
Manually adjusting the generated authorization information, including prolonging the authorization period and increasing the authorization quantity, and generating a new authorization code after approval;
inquiring authorization information according to conditions such as products, clients, terminals, time and the like, wherein the conditions comprise authorized, unauthorized, expired, logged off and the like, so as to adjust the authorization strategy in time.
Recording historical information of each authorization operation, wherein the historical information covers authorization codes, authorization time, authorization objects and authorization modes;
Generating a report showing the whole condition, the authorized state and the client distribution condition of the authorized information, analyzing the authorized condition, and counting the sales quantity, the auxiliary sales amount and the profit of each product to form a sales report.
It should be added that corresponding verification standards can be set according to the authorization modes of different products, such as entering effective date and time length in a time authorization mode, so that authorization is closely matched with product characteristics and customer requirements. For example, for seasonal use software products, the authorization for a specific time period can be accurately set, avoiding wasting resources and authorization vulnerabilities.
The detailed setting of the authorized quantity and the terminal mode can effectively control the application range and the scale of the software, ensure the rights and interests of software providers and reasonable distribution of products, and prevent excessive use or illegal terminal access.
The client authorization renewal and upgrading application is supported, the original authorization code is unchanged to generate a new record, and the continuity and stability of the client use are ensured. For long-term cooperative clients or business expansion demands, the authorization level can be conveniently adjusted, and the satisfaction degree and the loyalty degree of clients are enhanced.
The manual regulation authorization information function (such as the extension of the period and the increase of the number) can be used for coping with special situations or temporary service regulation, so that the authorization management has more flexibility and elasticity, and the requirement of diversified service scenes is met.
The step S4 specifically includes the following:
The business personnel complete application of authorization information and related approval operation on the platform, when an authorized product is started or an authorization state is required to be verified according to a specified time, the product generates an authorization verification encryption request containing an authorization code, product information, a client name, a client tax number and a terminal verification code, and the authorization verification encryption request is sent to an authorization management platform through a network;
The terminal check code is generated by collecting, summarizing and encrypting hardware information of the product of the deployment enterprise end and is used for verifying an authorization mode by the terminal;
Aiming at a specific application scene, a middle-stage product forwarding mode is adopted, the self authorization of the middle-stage product is verified by sending a verification request to an authorization platform at regular time by the middle-stage, the middle-stage can request the middle-stage for authorization verification when the service is initiated by virtue of sales invoice management, entry invoice management and enterprise ticket pools of the middle-stage product application, the middle-stage firstly locally verifies whether the application authorization exists or not, and if the application authorization does not exist, the verification request is sent to the authorization platform without sending the application authorization request to the authorization platform at regular time;
After receiving the request, the authorization management platform analyzes various information in the request, firstly confirms whether the authorization record state is valid according to the authorization code, and then queries a database or caches to verify whether the authorization is in a normal range by combining the product, the authorization mode and the client information;
And the authorization management platform returns the verification result to the authorized product, and the authorized product executes corresponding operation according to the result.
It is necessary to supplement that the business personnel apply for and approve the operation in the centralized way on the platform, thus realizing the standardization and standardization of the flow. This helps to reduce human error and uncertainty of approval process, and improve accuracy and efficiency of authorization management. For example, through a preset approval process and authority setting, only the application meeting the conditions can be approved, and random authorization is avoided.
The authorized product automatically generates an authorization verification encryption request according to the regulations and sends the authorization verification encryption request to an authorization management platform, so that the automatic triggering of a verification process is realized. The authorization status check can be timely and accurately performed no matter when the product is started or verified in a specified time, manual intervention is not needed, time and labor cost are greatly saved, and meanwhile, the authorization vulnerability risk caused by human negligence is also reduced.
For a specific application scene, a middle station product forwarding form is adopted, and the self authorization timing verification mechanism of the middle station can reasonably allocate resources, so that a large number of unnecessary verification requests are prevented from being frequently sent to an authorization platform. For example, the middle station can set a proper timing verification interval according to the busyness of the self service and the application rule, and reduces the occupation of network bandwidth and the consumption of computing resources of an authorization platform on the premise of guaranteeing the authorization effectiveness.
Depending on the application of the middle station, when the service is initiated, requesting authorization verification from the middle station, the middle station firstly locally verifies whether the application is authorized or not, and if the application is not authorized, sending a request to the authorization platform. The hierarchical verification mechanism greatly improves the efficiency of authorization verification and reduces the delay of verification requests. Because in many cases, the authorization condition of the application can be quickly confirmed locally at the middle station without being transmitted to the authorization platform for verification through a network, the response time of service processing is shortened, and the user experience is improved.
The step S4 specifically further comprises the following contents:
integrating an authorization verification module in the authorized product, and being responsible for processing communication and verification logic between the authorization verification module and an authorization management platform, sending a verification request, receiving a verification result, executing reminding and disabling according to the result, inputting an authorization code obtained after approval of an authorization application by the verification module, and embedding a product code for sending the verification request to the authorization management platform;
The authorization management platform acquires version information from the authorized product, comprehensively knows popularization and coverage conditions of each version of the authorized product, and synchronously collects version information and authorization verification or independently collects the version information according to update frequency;
Setting a version parameter field in an authorization verification request, and automatically updating version information after the platform receives the request;
the platform stores the acquired version information and tracks the product version corresponding to each authorization.
It is added that the authorization verification module is integrated in the authorized product, so that the tight communication with the authorization management platform and the efficient verification logic processing are realized. The method can automatically and timely send the verification request and receive the result without manual intervention, and greatly improves the efficiency and timeliness of authorization verification. For example, when the product is started each time or is subjected to authorization checking periodically according to the set time, the verification module can rapidly complete request sending and result receiving, ensure that the product is always in a legal authorization state for operation, and reduce the risk of service interruption caused by authorization problems.
The reminding and disabling functions are performed according to the verification result, and an effective authorization management means is provided for the software provider. When the authorization is about to expire, the verification module can pop up a reminding message to the user, so that the user is prompted to process the authorization renewal matters in time, and the influence on normal service development due to expiration of the authorization is avoided. If verification fails, if illegal copying or authorized abuse is found, the verification module can immediately disable the product function, protect software intellectual property rights and prevent illegal use and economic loss.
The verification module inputs the authorization code and the built-in product code, so that the accuracy and the uniqueness of the verification request are ensured. The authorization code is used as a core identification of authorization, is combined with the product code, and can accurately convey the authorization information of the product to the authorization management platform, so that the authorization management platform can rapidly and accurately perform authorization verification and state judgment, and the operation accuracy and reliability of the whole authorization system are improved.
The authorization management platform acquires version information from the authorized product, so that the popularization condition of the authorized product in the market and the coverage range of each version can be comprehensively known. By analyzing the use proportion and feedback information of different versions in different areas and different client groups, a software provider can formulate a product popularization strategy in a targeted manner so as to optimize market resource allocation. For example, if a new version is found to be slow to popularize among customers in a particular industry, the reasons can be deeply analyzed and marketing strategies can be adjusted, the popularization strength can be increased, or the product functions can be improved to meet the requirements of the industry.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Finally, the foregoing description of the preferred embodiment of the invention is provided for the purpose of illustration only, and is not intended to limit the invention to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

Claims (8)

1.一种软件在线授权体系设计的方法,其特征在于,包括如下步骤:1. A method for designing a software online authorization system, characterized in that it comprises the following steps: 步骤S1,搭建系统间关系;Step S1, building relationships between systems; 步骤S2,设计前端界面、后端服务、数据库和安全机制;Step S2, design the front-end interface, back-end services, database and security mechanism; 步骤S3,对用户、客户、产品和授权进行管理,并生成报表;Step S3, manage users, customers, products and authorizations, and generate reports; 步骤S4,对核心应用进行授权验证和版本信息收集。Step S4: perform authorization verification and version information collection on the core application. 2.根据权利要求1所述的一种软件在线授权体系设计的方法,其特征在于:2. The method for designing a software online authorization system according to claim 1, characterized in that: 步骤S1具体包括以下内容:Step S1 specifically includes the following contents: 建立平台在线授权验证服务与企业端产品的连接机制,实时验证企业端产品的授权情况,并通过信息采集服务获取企业端产品的版本和运行状态;Establish a connection mechanism between the platform's online authorization verification service and enterprise-side products, verify the authorization status of enterprise-side products in real time, and obtain the version and operating status of enterprise-side products through information collection services; 设计中台产品与授权平台的交互模式,由中台产品按模块获取授权情况,在与其他应用交互时判断授权情况;Design the interaction mode between the middle-end products and the authorization platform, so that the middle-end products can obtain authorization status by module and judge the authorization status when interacting with other applications; 设定平台从公司CRM系统获取客户信息、登录操作人员信息以及操作人员与客户关联关系的机制;Set up a mechanism for the platform to obtain customer information, login operator information, and operator-customer relationship from the company's CRM system; 平台内授权审批流程与航信办公系统的对接;The authorization and approval process within the platform is connected with the Air China office system; 以单点登录为基础,构建平台与公司内部系统的统一身份管理体系。Based on single sign-on, a unified identity management system is built for the platform and the company's internal systems. 3.根据权利要求2所述的一种软件在线授权体系设计的方法,其特征在于:3. The method for designing a software online authorization system according to claim 2, characterized in that: 步骤S2具体包括以下内容:Step S2 specifically includes the following contents: 开发适配PC端与移动端的前端界面,基于微服务架构设计后端服务,将其划分为授权验证服务、授权管理服务和报表统计服务;Develop front-end interfaces that are compatible with PC and mobile terminals, design back-end services based on microservice architecture, and divide them into authorization verification services, authorization management services, and report statistics services; 选用关系型数据库存储授权数据、客户信息和产品信息;Choose a relational database to store authorization data, customer information, and product information; 安全机制选用集成SSL加密传输、API接口密钥验证、权限控制和加密存储。The security mechanism integrates SSL encrypted transmission, API interface key verification, permission control and encrypted storage. 4.根据权利要求3所述的一种软件在线授权体系设计的方法,其特征在于:4. The method for designing a software online authorization system according to claim 3, characterized in that: 步骤S3具体包括以下内容:Step S3 specifically includes the following contents: 对于业务人员,平台提供单点登录服务,通过CRM系统登录后跳转至本平台,并使用CRM系统登录人员信息,CRM系统提供登录验证服务,平台登录人员通过该服务验证登录信息后登录本平台;For business personnel, the platform provides a single sign-on service. After logging in through the CRM system, they will be redirected to the platform and use the CRM system login personnel information. The CRM system provides a login verification service. The platform login personnel will log in to the platform after verifying the login information through the service. 对于平台非业务专用用户,构建独立的用户管理和登录验证机制;For non-business-specific users of the platform, an independent user management and login verification mechanism is established; 在平台内预设默认业务人员角色并分配相应权限,通过CRM单点登录的用户自动应用该角色权限;Preset default business personnel roles in the platform and assign corresponding permissions. Users who log in through CRM single sign-on will automatically apply the role permissions. 平台存储客户基本信息,通过调用CRM系统的客户详情查询接口,传入客户ID或其他唯一性标识获取客户详细信息;The platform stores basic customer information and obtains detailed customer information by calling the customer detail query interface of the CRM system and passing in the customer ID or other unique identifier; 在平台上以列表形式展示客户的所有授权信息,调用CRM系统的客户列表查询接口,验证登录用户对客户的管理权限。Display all customer authorization information in a list on the platform, call the customer list query interface of the CRM system, and verify the logged-in user's management authority over the customer. 5.根据权利要求4所述的一种软件在线授权体系设计的方法,其特征在于:5. The method for designing a software online authorization system according to claim 4, characterized in that: 步骤S3具体还包括以下内容:Step S3 specifically also includes the following contents: 授权产品管理员在平台上对产品信息进行操作,包括添加、编辑和删除产品信息;Authorize product administrators to operate product information on the platform, including adding, editing and deleting product information; 在产品信息中设置授权模式管理功能,依据产品特性和业务需求,设定授权规则,包括授权期限、授权数量和授权终端,且授权规则与授权验证方式相互对应;Set up the authorization mode management function in the product information, and set the authorization rules according to the product characteristics and business requirements, including the authorization period, authorization quantity and authorized terminals, and the authorization rules and authorization verification methods correspond to each other; 对产品进行分类和打标签。Categorize and label products. 6.根据权利要求5所述的一种软件在线授权体系设计的方法,其特征在于:6. The method for designing a software online authorization system according to claim 5, characterized in that: 步骤S3具体还包括以下内容:Step S3 specifically also includes the following contents: 从产品管理列表中选择待授权产品,根据所选产品的授权模式设定相应验证标准;Select the product to be authorized from the product management list and set the corresponding verification standard according to the authorization mode of the selected product; 时间授权模式下,录入开始生效日期及授权时长或结束时间;In the time authorization mode, enter the effective start date and authorization duration or end time; 授权数量模式下,录入可使用总量;In the authorized quantity mode, enter the total amount that can be used; 授权终端模式下,采集终端环境形成校验码录入;In the authorized terminal mode, the verification code is entered by collecting the terminal environment; 调用CRM系统接口获取登录人员所管理的用户列表,从中选择需生成授权的客户,完成后提交授权生产申请;Call the CRM system interface to obtain the user list managed by the logged-in personnel, select the customer for whom authorization needs to be generated, and submit the authorization production application after completion; 打通与航信办公系统的授权申请审批流程,自动生成审批流程,按审批流完成审批后将结果返回平台;Connect the authorization application approval process with the Air China office system, automatically generate the approval process, and return the results to the platform after the approval is completed according to the approval process; 平台设置审批角色人员进行平台内审批,审批通过后生成该授权记录的唯一授权码,已审批授权的自动导出,生成授权文件用于离线授权验证;The platform sets up approval role personnel to conduct approval within the platform. After approval, a unique authorization code for the authorization record is generated. The approved authorization is automatically exported, and an authorization file is generated for offline authorization verification; 允许对客户进行申请续期或升级授权,审核通过后执行相应操作,原授权码保持不变,生成新的授权记录;Allow customers to apply for renewal or upgrade authorization. After approval, execute the corresponding operation. The original authorization code remains unchanged and a new authorization record is generated. 针对存在违规行为的用户或终端,执行授权注销操作,并在其申请其他授权产品时给予提醒;For users or terminals that violate regulations, we will cancel their authorization and remind them when they apply for other authorized products. 手动调整已生成的授权信息,包括延长授权期限和增加授权数量,审批通过后生成新的授权码;Manually adjust the generated authorization information, including extending the authorization period and increasing the authorization quantity, and generate a new authorization code after approval; 按产品、客户、终端、时间等条件查询授权信息,包括已授权、未授权、已过期、已注销等状态,以便及时调整授权策略;Query authorization information by product, customer, terminal, time and other conditions, including authorized, unauthorized, expired, cancelled and other statuses, so as to adjust authorization policies in a timely manner; 记录每一次授权操作的历史信息,涵盖授权码、授权时间、授权对象和授权模式;Record the historical information of each authorization operation, including authorization code, authorization time, authorization object and authorization mode; 生成展示授权信息整体情况和授权状态以及客户分布情况的报表,分析授权情况,统计各产品的销售数量、辅助销售额和利润,形成销售报表。Generate reports showing the overall authorization information, authorization status, and customer distribution, analyze the authorization status, and count the sales volume, auxiliary sales, and profits of each product to form sales reports. 7.根据权利要求6所述的一种软件在线授权体系设计的方法,其特征在于:7. The method for designing a software online authorization system according to claim 6, characterized in that: 步骤S4具体包括以下内容:Step S4 specifically includes the following contents: 业务人员在平台上完成授权信息的申请和相关审批操作,当被授权产品启动或按规定时间需验证授权状态时,产品生成包含授权码、产品信息、客户名称、客户税号和终端校验码的授权验证加密请求,并通过网络发送至授权管理平台;Business personnel complete the application for authorization information and related approval operations on the platform. When the authorized product is started or the authorization status needs to be verified at the specified time, the product generates an encrypted authorization verification request containing the authorization code, product information, customer name, customer tax number and terminal verification code, and sends it to the authorization management platform through the network; 其中,终端校验码是针对部署企业端产品的硬件信息采集汇总加密生成的,用于终端验证授权模式;The terminal verification code is generated by collecting, summarizing and encrypting the hardware information of enterprise-side products, and is used for terminal verification authorization mode; 针对特定应用场景,采用中台产品转发形式,中台产品自身的授权由中台定时向授权平台发送验证请求进行验证,依托于中台产品应用的销项发票管理、进项发票管理和企业票池,在业务发起时可向中台请求授权验证情况,中台先在本地验证是否有该应用的授权,若不存在则向授权平台发送验证请求,无需定时向授权平台发送应用授权请求;For specific application scenarios, the middle platform product forwarding form is adopted. The authorization of the middle platform product itself is verified by the middle platform sending verification requests to the authorization platform regularly. Relying on the sales invoice management, input invoice management and enterprise ticket pool of the middle platform product application, the authorization verification status can be requested from the middle platform when the business is initiated. The middle platform first verifies whether there is authorization for the application locally. If not, it sends a verification request to the authorization platform. There is no need to send application authorization requests to the authorization platform regularly. 授权管理平台接收请求后,解析其中各项信息,首先依据授权码确认授权记录状态是否有效,然后结合产品、授权模式和客户信息,查询数据库或缓存验证其授权是否在正常范围内;After receiving the request, the authorization management platform parses the information therein. First, it confirms whether the authorization record status is valid based on the authorization code. Then, it queries the database or cache to verify whether the authorization is within the normal range based on the product, authorization mode and customer information. 授权管理平台将验证结果返回给被授权产品,被授权产品根据结果执行相应操作。The authorization management platform returns the verification results to the authorized product, and the authorized product performs corresponding operations based on the results. 8.根据权利要求7所述的一种软件在线授权体系设计的方法,其特征在于:8. The method for designing a software online authorization system according to claim 7, characterized in that: 步骤S4具体还包括以下内容:Step S4 specifically also includes the following contents: 在被授权产品中集成授权验证模块,负责处理与授权管理平台之间的通信和验证逻辑,能够发送验证请求、接收验证结果,并依据结果执行提醒和禁用,验证模块录入授权申请审批后获得的授权码,并内置产品编码,用于向授权管理平台发送验证请求;An authorization verification module is integrated into the authorized product, which is responsible for handling the communication and verification logic with the authorization management platform. It can send verification requests, receive verification results, and perform reminders and disablements based on the results. The verification module enters the authorization code obtained after the authorization application is approved, and has a built-in product code for sending verification requests to the authorization management platform; 授权管理平台从被授权产品中获取版本信息,全面了解授权产品的推广及各版本覆盖情况,版本信息收集与授权验证同步进行或根据更新频率单独采集;The authorization management platform obtains version information from the authorized product to fully understand the promotion of the authorized product and the coverage of each version. Version information collection and authorization verification are carried out simultaneously or separately according to the update frequency; 在授权验证请求中设置版本参数字段,平台收到此类请求后自动更新版本信息;Set the version parameter field in the authorization verification request. The platform will automatically update the version information after receiving such a request. 平台将获取的版本信息进行存储,对每个授权对应的产品版本的追踪。The platform stores the obtained version information and tracks the product version corresponding to each authorization.
CN202411905187.XA 2024-12-23 2024-12-23 Method for designing software online authorization system Pending CN120068024A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411905187.XA CN120068024A (en) 2024-12-23 2024-12-23 Method for designing software online authorization system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411905187.XA CN120068024A (en) 2024-12-23 2024-12-23 Method for designing software online authorization system

Publications (1)

Publication Number Publication Date
CN120068024A true CN120068024A (en) 2025-05-30

Family

ID=95784652

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411905187.XA Pending CN120068024A (en) 2024-12-23 2024-12-23 Method for designing software online authorization system

Country Status (1)

Country Link
CN (1) CN120068024A (en)

Similar Documents

Publication Publication Date Title
US10326637B2 (en) Functionality management via application modification
CN103067169B (en) Application Licensing Authority
CN101647219B (en) Mechanism for secure rehosting of licenses
CN100487626C (en) Computer implemented method and system for controlling use of digitally encoded products
US8725645B1 (en) Non-invasive metering system for software licenses
CN101866404B (en) Software system module independent authorization control method and device
CN111079091A (en) Software security management method and device, terminal and server
CN103714273B (en) A kind of software authorization system and method based on online dynamic authorization
US20160005016A1 (en) Metering System For Software Licenses
CN112818328A (en) Multi-system authority management method, device, equipment and storage medium
US20040039705A1 (en) Distributing a software product activation key
US20070198427A1 (en) Computer service licensing management
AU2010247992A1 (en) Interaction model to migrate states and data
CN102307114A (en) Management method of network
CN101753313A (en) Password management method, password management system and password management server
CN111062028B (en) Authority management method and device, storage medium and electronic equipment
CN101369303B (en) Method and system for controlling concurrency user number
CN104484620A (en) Method for avoiding false declaration of sales volume and inventory in fast-selling sales management cloud system
CN101853359A (en) A software authorization and protection method and system based on application software distribution
US9027155B2 (en) System for governing the disclosure of restricted data
CN119203088A (en) Rights management method, device, computer equipment and storage medium
CN120068024A (en) Method for designing software online authorization system
CN116305217A (en) Multi-tenant management method, device, computer equipment and storage medium
CN110110510A (en) A kind of engineering calculation model management method based on cloud computing
CN109753769A (en) A blockchain-based software authorization method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination