SDK software interface service authorization method and device

Document No.: 168994 Publication date: 2021-10-29

Reading note: this technology, "SDK software interface service authorization method and device", was designed by 黄杰, 饶轩衡, 张习伟, 宋京泽, 孙晓 and 汪萌 on 2021-06-25. Abstract: The invention discloses an SDK software interface service authorization method and device, belonging to the technical field of the Internet. The method comprises: when the user side starts an API interface, reading the authorization file on the user side's hardware device and reading the file content from it, the authorization file being obtained by the service provider generating an authorization serial number based on the user side's hardware device parameters and writing that serial number into a file on the hardware device; judging whether the file content is consistent with the hardware environment of the current device; if so, obtaining from the file content the authorization state corresponding to the hardware device, the authorization state comprising permanent authorization, time-limited authorization and single authorization; if not, determining that the current user side has no authority. The invention enables an authorized user to obtain the right to use the provided SDK, and to use it securely, within the permitted authorization period.

1. An SDK software interface service authorization method, comprising:

when a user side starts an API (application program interface), reading an authorization file on the user side's hardware device and reading the file content from the authorization file, wherein the authorization file is obtained by a service provider generating an authorization serial number based on hardware device parameters of the user side and writing the authorization serial number into a file on the hardware device;

judging whether the file content is consistent with the hardware environment of the current equipment;

if so, acquiring an authorization state corresponding to the hardware equipment from the file content, wherein the authorization state comprises permanent authorization, time-limited authorization and single authorization;

if not, determining that the current user side has no authority.

2. The SDK software interface service authorization method of claim 1, wherein the hardware device parameters include a C-disk serial number, a network card name, and a MAC address corresponding to the network card;

the service provider generating an authorization serial number based on the hardware device parameters of the user side, and writing the authorization serial number into a file of the hardware device, comprises:

obfuscating the hardware device parameters, the authorization code and a random number through an encryption algorithm to generate a machine code, wherein the authorization code comprises an authorization state and an authorization time;

encrypting the machine code with DES and then encoding it with Base64 to generate an encrypted serial number;

and writing the serial number into a file of the hardware device of the user side.

3. The SDK software interface service authorization method of claim 2, wherein said writing a serial number into a file of a hardware device on the user side comprises:

writing the serial number into the hb_eth0 file under the etc directory of the hardware device on the user side.

4. The SDK software interface service authorization method of claim 2, wherein reading the authorization file on the user-side hardware device, reading the file contents from the authorization file, comprises:

decoding the authorization file with Base64 and then performing DES decryption to obtain the content of the authorization file;

obtaining the device fingerprint serial number from the content of the authorization file: hardware device parameters + authorization code.

5. The SDK software interface service authorization method of claim 2, wherein when the authorization status is time-limited authorization, further comprising:

reading the authorization content of the authorization file at set time intervals and parsing the authorization time, until the authorization time reaches zero and the authorization ends.

6. The SDK software interface service authorization method of any one of claims 1-5, further comprising, prior to the determining whether the file content is consistent with the current device's hardware environment:

judging whether the authorization file exists or not;

if yes, judging whether the file content is consistent with the hardware environment of the current equipment;

if not, determining that the user side has no authority.

7. An SDK software interface service authorization apparatus, comprising a first server arranged at a service provider side and a second server arranged at a user side, the first server and the second server being communicatively connected, the second server comprising a memory for storing a computer program and a processor, the computer program when executed by the processor implementing the method of any of claims 1 to 6.

8. The SDK software interface service authorization apparatus of claim 7, wherein the first server includes an acquisition module and an encryption module, the acquisition module is configured to acquire hardware device parameters of the user side, and the encryption module is configured to generate an authorization serial number based on the hardware device parameters and write the authorization serial number into a file of the hardware device.

9. The SDK software interface service authorization apparatus of claim 8, wherein the hardware device parameters include a C-disk serial number, a network card name, and a MAC address corresponding to the network card.

10. The SDK software interface service authorization apparatus of claim 9, wherein the encryption module is specifically configured to:

obfuscating the hardware device parameters, the authorization code and a random number through an encryption algorithm to generate a machine code, wherein the authorization code comprises an authorization state and an authorization time;

encrypting the machine code with DES and then encoding it with Base64 to generate an encrypted serial number;

and writing the serial number into a file of the hardware device of the user side.

Technical Field

The invention relates to the technical field of the Internet, and in particular to an SDK software interface service authorization method and device.

Background

A Software Development Kit (SDK) is a kit provided by a third-party service provider to implement a certain function of a software product. Applying authorization management to an SDK improves the security of mobile services, but the commonly used SDK device service authorization policies still have defects. For example, they lack an authentication-time attribute, so for users who need permanent authentication an encryption and decryption authentication operation is required on every data call, which greatly wastes hardware resources. Encryption and decryption depend heavily on the software system and must be performed every time a file is opened and closed, which wastes time, more so when files are processed in batches, and makes execution inefficient. Some schemes are suitable only for encrypting text files and are unfriendly to files such as source code or link libraries that must be imported into a program to run.

Disclosure of Invention

The invention aims to overcome the defects in the prior art and save resources.

In order to achieve the above object, in one aspect, the present invention provides a method for service authorization of an SDK software interface, including:

when a user side starts an API (application program interface), reading an authorization file on the user side's hardware device and reading the file content from the authorization file, wherein the authorization file is obtained by a service provider generating an authorization serial number based on hardware device parameters of the user side and writing the authorization serial number into a file on the hardware device;

judging whether the file content is consistent with the hardware environment of the current equipment;

if so, acquiring an authorization state corresponding to the hardware equipment from the file content, wherein the authorization state comprises permanent authorization, time-limited authorization and single authorization;

if not, determining that the current user side has no authority.

Further, the hardware device parameters include a C-disk serial number, a network card name, and a MAC address corresponding to the network card;

the service provider generating an authorization serial number based on the hardware device parameters of the user side, and writing the authorization serial number into a file of the hardware device, comprises:

obfuscating the hardware device parameters, the authorization code and a random number through an encryption algorithm to generate a machine code, wherein the authorization code comprises an authorization state and an authorization time;

encrypting the machine code with DES and then encoding it with Base64 to generate an encrypted serial number;

and writing the serial number into a file of the hardware device of the user side.

Further, writing the serial number into a file of the hardware device on the user side includes:

writing the serial number into the hb_eth0 file under the etc directory of the hardware device on the user side.

Further, reading the authorization file on the hardware device on the user side and reading the file content from the authorization file include:

decoding the authorization file with Base64 and then performing DES decryption to obtain the content of the authorization file;

obtaining the device fingerprint serial number from the content of the authorization file: hardware device parameters + authorization code.

Further, when the authorization status is time-limited authorization, the method further includes:

reading the authorization content of the authorization file at set time intervals and parsing the authorization time, until the authorization time reaches zero and the authorization ends.

Further, before the determining whether the file content is consistent with the hardware environment of the current device, the method further includes:

judging whether the authorization file exists or not;

if yes, judging whether the file content is consistent with the hardware environment of the current equipment;

if not, determining that the user side has no authority.

In another aspect, an SDK software interface service authorization apparatus is adopted, which includes a first server disposed at a service provider side and a second server disposed at a user side, the first server and the second server are connected to communicate, and the second server includes a memory and a processor, the memory is used for storing a computer program, and when the computer program is executed by the processor, the SDK software interface service authorization method is implemented.

Further, the first server includes an obtaining module and an encrypting module, the obtaining module is configured to obtain a hardware device parameter of the user, and the encrypting module is configured to generate an authorization serial number based on the hardware device parameter, and write the authorization serial number into a file of the hardware device.

Further, the hardware device parameters include a C-disk serial number, a network card name, and a MAC address corresponding to the network card.

Further, the encryption module is specifically configured to:

obfuscating the hardware device parameters, the authorization code and a random number through an encryption algorithm to generate a machine code, wherein the authorization code comprises an authorization state and an authorization time;

encrypting the machine code with DES and then encoding it with Base64 to generate an encrypted serial number;

and writing the serial number into a file of the hardware device of the user side.

Compared with the prior art, the invention has the following technical effects: by binding the SDK to the hardware device, the invention effectively prevents a user from providing the SDK to a third party, and at the same time the core algorithm is not disclosed; it also provides three kinds of usage rights, namely long-term use, time-limited use and one-time trial use, which makes selection easier for enterprises, so that authorized users can obtain the right to use the provided SDK, and use it securely, within the permitted authorization period.

Drawings

The following detailed description of embodiments of the invention refers to the accompanying drawings in which:

FIG. 1 is a flow diagram of a method for authorizing services of an SDK software interface;

FIG. 2 is an overall flow diagram of SDK software interface service authorization.

Detailed Description

To further illustrate the features of the present invention, refer to the following detailed description of the invention and the accompanying drawings. The drawings are for reference and illustration purposes only and are not intended to limit the scope of the present disclosure.

As shown in fig. 1 to fig. 2, the present embodiment discloses an SDK software interface service authorization method, which includes the following steps:

S1, when the user side starts the API interface, reading the authorization file on the user side's hardware device and reading the file content from the authorization file, wherein the authorization file is obtained by the service provider generating an authorization serial number based on the hardware device parameters of the user side and writing the authorization serial number into a file on the hardware device;

S2, judging whether the file content is consistent with the hardware environment of the current device; if so, executing step S3, otherwise executing step S4;

S3, obtaining the authorization state corresponding to the hardware device from the file content, wherein the authorization state comprises permanent authorization, time-limited authorization and single authorization;

S4, determining that the current user side has no authority.

As a further preferred technical solution, the hardware device parameters include a C-disk serial number, a network card name, and a MAC address corresponding to the network card;

the service provider generating an authorization serial number based on the hardware device parameters of the user side, and writing the authorization serial number into a file of the hardware device, comprises:

obfuscating the hardware device parameters, the authorization code and a random number through an encryption algorithm to generate a machine code, wherein the authorization code comprises an authorization state and an authorization time;

encrypting the machine code with DES and then encoding it with Base64 to generate an encrypted serial number;

and writing the serial number into a file of the hardware device of the user side.

As a further preferred technical solution, writing the serial number into a file of the hardware device on the user side includes:

writing the serial number into the hb_eth0 file under the etc directory of the hardware device on the user side.

It should be noted that running the authorization program requires the user side to provide the hardware device parameters (or the authorizing side obtains them through local deployment before sale). The parameters are the C-disk serial number, the network card name (for example, eth0), and the MAC address corresponding to eth0. The network card name + C-disk serial number + MAC address + authorization code (authorization state + authorization time, in hours, for example 1024 hours) + random number are obfuscated through an encryption algorithm to generate the final machine code. The machine code is then DES-encrypted and Base64-encoded to generate an encrypted serial number. This serial number is written into a file on the hardware device (for example, hb_eth0 in the etc directory, so that it survives a restart), and the content of this file is the encrypted character string.

As a further preferred technical solution, the reading an authorization file on a user-side hardware device, and reading a file content from the authorization file, includes:

decoding the authorization file with Base64 and then performing DES decryption to obtain the content of the authorization file;

obtaining the device fingerprint serial number from the content of the authorization file: hardware device parameters + authorization code.

It should be noted that the content authorization only needs to be checked once, namely when the API interface is started for the first time: the ciphertext is Base64-decoded and then DES-decrypted, which decrypts the content of the hb_eth0 file generated on the hardware device in the first step and yields the device fingerprint serial number stored in the hb_eth0 file: the network card information + C-disk serial number + MAC address, and the authorization code. These are compared with the actual network card information, MAC address and C-disk serial number of the current device; if they match, the authorization succeeds and service authorization can proceed.

As a further preferred technical solution, the time policy of authorization in this embodiment is divided into three modes, namely permanent authorization, time-limited authorization and single authorization. When a user calls an API service in the SDK (for example, an interface provided in a .so dynamic library), a separate thread is started immediately to read the file hb_eth0 written on the client hardware device. After the encrypted content of hb_eth0 is read, the encrypted serial number is Base64-decoded and then DES-decrypted, so that the original content can be read and the corresponding authorization state queried. For permanent authorization, the state corresponding to start is "Permanent"; for single (trial) authorization it is "Trial"; and for time-limited authorization it is "TimeLimit".

In particular, when the authorization status obtained by parsing is time-limited authorization, the method further comprises parsing the authorized time that follows start. If the state corresponding to start is parsed as "TimeLimit", the authorized-time content in the file hb_eth0 written on the client hardware device in the previous step is read and parsed every hour (for example, the decrypted time is 1024 h). Because this is done every hour, 1 h is subtracted each hour, giving 1023 h and so on, until 0 h, when the authorization expires.

As a further preferable technical solution, as shown in fig. 2, before the determining whether the file content is consistent with the hardware environment of the current device, the method further includes:

judging whether the authorization file exists or not;

if yes, judging whether the file content is consistent with the hardware environment of the current equipment;

if not, determining that the user side has no authority.
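The check flow described above (file present, decode, compare fingerprint, read the authorization state, hourly countdown), as an added Python example that is not code from the patent. Assumptions: the `|`-separated record layout, the function names and the sample values are constructed here, and because Python's standard library has no DES, the DES layer is replaced by an HMAC-SHA256 tag over the record, which also makes edits to the stored hours detectable.

```python
import base64
import hashlib
import hmac
import os
from dataclasses import dataclass

DEMO_KEY = b"constructed-demo-key"  # constructed value, for this example only
SEP = "|"                           # assumed separator; the page defines no layout


@dataclass(frozen=True)
class Fingerprint:
    nic_name: str
    disk_serial: str
    mac: str

    def normalised(self):
        # MAC case differs between tools, so compare it lower-cased.
        return (self.nic_name, self.disk_serial, self.mac.lower())


def _tag(record, key):
    return hmac.new(key, record.encode(), hashlib.sha256).hexdigest()


def issue_license(fp, state, hours, key=DEMO_KEY):
    """Provider side: fingerprint + authorization code + random number."""
    nonce = os.urandom(8).hex()
    record = SEP.join([fp.nic_name, fp.disk_serial, fp.mac, state, str(hours), nonce])
    return base64.b64encode(f"{record}{SEP}{_tag(record, key)}".encode()).decode()


def check_license(serial, current, hours_elapsed=0, key=DEMO_KEY):
    """User side, steps S1-S4. Returns (authorized, reason, hours_left)."""
    if serial is None:  # authorization file does not exist
        return (False, "no-file", 0)
    try:
        fields = base64.b64decode(serial, validate=True).decode().split(SEP)
        nic, disk, mac, state, hours, _nonce, tag = fields
        hours = int(hours)
    except ValueError:  # bad Base64, bad UTF-8, wrong field count, bad number
        return (False, "malformed", 0)
    expected = _tag(SEP.join(fields[:-1]), key)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return (False, "tampered", 0)
    if Fingerprint(nic, disk, mac).normalised() != current.normalised():
        return (False, "hardware-mismatch", 0)  # S4: no authority
    if state in ("Permanent", "Trial"):
        # How single use is enforced for "Trial" is not described on the page.
        return (True, state, None)
    if state == "TimeLimit":
        left = max(hours - hours_elapsed, 0)  # one hour subtracted per hourly check
        return (left > 0, "TimeLimit" if left > 0 else "expired", left)
    return (False, "unknown-state", 0)


if __name__ == "__main__":
    host = Fingerprint("eth0", "CONSTRUCTED-SERIAL-01", "00:11:22:33:44:55")
    serial = issue_license(host, "TimeLimit", 1024)
    print(check_license(serial, host))
    print(check_license(serial, host, hours_elapsed=1024))
```
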

The embodiment also discloses an SDK software interface service authorization device, which includes a first server disposed at a service provider and a second server disposed at a user side, wherein the first server and the second server are connected and communicated, and the second server includes a memory and a processor, the memory is used for storing a computer program, and when the computer program is executed by the processor, the SDK software interface service authorization method is implemented.

As a further preferable technical solution, the hardware device parameters include a C-disk serial number, a network card name, and a MAC address corresponding to the network card.

As a further preferred technical solution, the encryption module is specifically configured to:

obfuscating the hardware device parameters, the authorization code and a random number through an encryption algorithm to generate a machine code, wherein the authorization code comprises an authorization state and an authorization time;

encrypting the machine code with DES and then encoding it with Base64 to generate an encrypted serial number;

and writing the serial number into a file of the hardware device of the user side.

The system provided by the embodiment of the present invention is used for executing the above method embodiments; for the detailed process, reference is made to the above embodiments, which are not repeated here.

As a further preferred technical solution, in this embodiment, the installation process of the authorization file is as follows:

(1) setting corresponding user names and passwords for different users to open the authorization file:

The fixed user name and password are changed and set per user. The user name and password in each user's authorization file are set as hexadecimal ASCII codes, which further guarantees security and prevents others from finding the user name and password of the authorization program with the strings command.

This also addresses the problem of the authorization file leaking because an assembler forgets to delete it after assembly. Alternatively, for a permanently authorized user, the authorization file can be delivered so that the user performs permanent authorization with the user name and password.

(2) Compiling a script for acquiring a hardware fingerprint and loading a binary file:

(3) local or remote deployment of authorization files:

One-click authorization onto the user server.

For example: sudo ./UpLoadAuthFile eno1 1024

The first parameter is the name of the user's network device and the second parameter is the authorization time limit (in hours). The program is set to a self-destruct mode: the executable program is automatically destroyed after the binary file is generated.

The invention has the following beneficial effects:

(1) The authorization serial number (KEY) is generated by determining the uniqueness of the service object from hardware fingerprint information (the stored network card name + C-disk serial number + MAC address), which effectively avoids the overly long serial information that results from obtaining CPU information directly; the tail of the stored KEY contains random-number obfuscation information and is not easy to crack.

(2) Time authorization is divided into three modes, permanent authorization "Permanent", time-limited authorization "TimeLimit" and single authorization "Trial", and the validity of the authorization can be judged in real time each time the authorized program is called, which is convenient for the user.

The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
