Method, node, system and computer-readable storage medium for license authentication

Document No. 348436; published 2021-12-03

Reading note: This technology, "Method, node, system and computer-readable storage medium for license authentication", was designed by 闫新全 on 2020-03-31. Main content: According to embodiments of the present disclosure, there are provided edge authentication nodes and central authentication nodes for authenticating a license, methods performed at these nodes, systems including the nodes, and corresponding computer-readable storage media. The method performed at the edge authentication node comprises: receiving an authentication permission request from a client node, the authentication permission request including client fingerprint information associated with the client node; decrypting, based on the client fingerprint information, a license credential associated with the client node and generated by a central authentication node, to obtain license information associated with the client node; and sending an authentication permission response to the client node based at least in part on the obtained license information.

A method performed at an edge authentication node for authenticating a license, comprising:

receiving an authentication permission request from a client node, the authentication permission request including client fingerprint information associated with the client node;

decrypting a license credential associated with the client node generated by a central authentication node based on the client fingerprint information to obtain license information associated with the client node; and

sending an authentication permission response to the client node based at least in part on the obtained permission information.

The method of claim 1, wherein decrypting the license credential associated with the client node generated by a central authentication node based on the client fingerprint information comprises:

determining a decryption key corresponding to the client node based on the client fingerprint information; and

decrypting the license credential using the decryption key.

The method of claim 1, wherein after the step of decrypting the license credential associated with the client node generated by a central authentication node based on the client fingerprint information, the method further comprises:

extracting client public key information from the client fingerprint information;

authenticating the license certificate using the client public key information; and

in response to successful authentication of the license certificate, extracting the license information from the license certificate.

The method of claim 3, wherein authenticating the license credential using the client public key information comprises verifying at least one of the following for the license credential:

whether the digital signature of the license certificate is legitimate;

whether the issuing organization of the license certificate is a legitimate issuing organization; and

whether the validity period of the license credential has not expired.

The method of claim 1, wherein extracting licensing information in the license credential comprises extracting at least one of the following information in the license credential: issuing organization, authorization type, authorization quantity, authorization object and authorization product information.

The method of claim 3, wherein sending an authenticated license response to the client node based at least in part on the obtained license information comprises:

sending an authenticated license response to the client node based at least in part on the extracted license information, to license the client node to configure itself in accordance with the license information.

The method of claim 1, wherein after the step of receiving a request for authentication permission from a client node, the method further comprises:

forwarding the authentication permission request to a central authentication node; and

receiving a central authentication permission response from the central authentication node in response to the request for authentication permission, wherein sending an authentication permission response to the client node based at least in part on the obtained permission information comprises:

sending an authentication permission response to the client node based on the obtained permission information and a central authentication permission response received from the central authentication node.

The method of claim 1, wherein the license credential is obtained by the edge authentication node from the central authentication node in an offline manner.

The method of claim 8, wherein the offline manner comprises at least one of: entity files, short messages, e-mails, portable storage.

The method of claim 1, wherein the license credential is generated according to a JWT protocol.

The method of claim 1, wherein the authentication permission request is a stateless request based on the Hypertext Transfer Protocol (HTTP) or the Hypertext Transfer Protocol Secure (HTTPS).

The method of claim 1, wherein the edge authentication node and the client node are deployed on the same physical hardware.

The method of claim 1, further comprising:

in response to receiving an authentication permission request from a client node, recording, at the edge authentication node, log data of an authentication permission session related to the authentication permission request.

The method of claim 3, wherein the client fingerprint information is identity authentication information for uniquely identifying and authenticating the client node.

The method of claim 1, further comprising:

collecting information relating to at least one of the edge authentication node, the client node and a license authentication; and

uploading the collected information to the central authentication node.

An edge authentication node for authenticating a license, comprising:

a processor; and

a memory having instructions stored thereon that, when executed by the processor, cause the processor to perform the method of any of claims 1-15.

A method performed at a central authentication node for generating a license credential, comprising:

receiving a license credential generation request associated with a client node;

generating a license credential associated with the client node based on request information included in the license credential generation request; and

providing the license credential to an edge authentication node associated with the client node for subsequent authentication by the edge authentication node.

The method of claim 17, wherein the request information comprises:

identity information associated with the client node; and

product information associated with a product to be authenticated at the client node.

The method of claim 18, wherein the identity information comprises at least one of: email, telephone number, unified social credit code, identification number.

The method of claim 17, wherein the license credential includes at least one of: issuing organization, authorization term, authorization type, authorization quantity, authorization object, authorization product information and digital signature.

The method of claim 20, wherein generating a license credential associated with the client node based on request information included in the license credential generation request comprises:

generating an asymmetric key pair associated with the client node including a client public key and a client private key based on the request information;

generating one or more parts of the license certificate other than the digital signature based on the request information such that the one or more parts include information for binding the identity information and the product information; and

digitally signing the one or more parts of the license certificate other than the digital signature using the client private key to generate the digital signature.

The method of claim 21, further comprising:

encrypting the license credential using an encryption key associated with the client node agreed upon in advance by the edge authentication node.

The method of claim 17, further comprising:

receiving a forwarded authentication permission request from the edge authentication node;

authenticating a license credential associated with a client node based on client fingerprint information associated with the client node included in the authentication license request; and

sending a central authentication permission response to the edge authentication node based on the authentication result.

The method of claim 23, wherein the client fingerprint information is identity authentication information for uniquely identifying and authenticating the client node.

The method of claim 17, further comprising:

receiving information relating to at least one of the edge authentication node, the client node and a permission authentication; and

performing a statistical analysis on the received information.

The method of claim 17, further comprising:

performing remote management functions on the edge authentication node, the remote management functions including at least one of: locking, offline, upgrading, configuring and restarting.

A central authentication node for authenticating a license, comprising:

a processor; and

a memory having instructions stored thereon that, when executed by the processor, cause the processor to perform the method of any of claims 17-26.

A system for license authentication, comprising:

the central authentication node of claim 27;

the edge authentication node of claim 16; and

one or more client nodes.

A computer-readable storage medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform the method of any one of claims 1-15 and 17-26.
