CN100470570C - Network software system copyright protecting method - Google Patents

Publication number
CN100470570C
Authority
CN
China
Prior art keywords
card
software systems
server end
public key
client
Legal status
Active
Application number
CN 200610088959
Other languages
Chinese (zh)
Other versions
CN1889088A (en)
Inventor
陆舟
于华章
Current Assignee
Feitian Technologies Co Ltd
Original Assignee
Beijing Feitian Technologies Co Ltd
Application filed by Beijing Feitian Technologies Co Ltd
Priority to CN 200610088959
Publication of CN1889088A
Application granted
Publication of CN100470570C

Abstract

The invention relates to a method of providing copyright protection for a network software system using an IC card based on a financial standard. The IC card is associated with the client of the network software system. The server verifies the legitimacy of the IC card, and the client program is restored after verification passes. Using the IC card improves security; because the client program is incomplete and cannot run independently, cracking it is more difficult. The invention provides good copyright protection.

Description

A copyright protection method for a network software system
Technical field
The present invention relates to the field of software protection technology, and specifically to a method that uses an IC card based on a financial standard (a financial-standard IC card) to provide copyright protection for a network software system.
Background art
Software is an intangible product that embodies the hard work of its developers. However, software on open platforms has been plagued by piracy almost from the beginning, and pirates often leave software vendors unable to recover their investment.
Network-based software systems mainly use two types of system architecture, the C/S structure and the B/S structure:
The C/S (Client/Server) structure is the client/server structure; the B/S (Browser/Server) structure is the browser/server structure. The B/S structure developed from the C/S architecture; the browser is in fact also a kind of client program, one that converts HTML script into a visual interface. These two structures make full use of the hardware environment at both ends by distributing tasks reasonably between the client or browser and the server, which reduces the system's communication overhead. Most current application software systems use the two-tier C/S or B/S structure.
For software systems of these two structures, there has never been an effective mechanism or means to ensure that the copyright of the installation program of the client or browser application is not infringed. Pirates copy and distribute the installation program at will, which seriously harms the rights and interests of software developers and poses a great challenge to the security of the server-side application and its data.
A financial standard is a financial transaction standard formulated by banks to make transactions more convenient and more secure. The main existing international financial standard is the EMV standard, a technical standard for migrating bank cards from magnetic stripe cards to IC (integrated circuit) cards, jointly initiated by the three major international bank card organizations: Europay, MasterCard and Visa. Adopting this standard greatly improves the security of bank card transactions and reduces fraud. With the further spread of the EMV standard, countries around the world have drawn up their own financial standards based on EMV and adapted to national conditions. China's financial standard extended from the EMV standard is the People's Bank of China financial integrated circuit (IC) card specification, i.e. the PBOC standard; other countries have likewise formulated their own financial standards based on the EMV standard.
The financial standard specifies that cardholder information includes records such as the bank card number, the cardholder's name or the cardholder's identity document number.
The CA (Certification Authority) center is also called the digital certificate authentication center. As the trusted third party in electronic transactions, the CA center is responsible for issuing digital certificates to each entity in the e-commerce environment to prove the authenticity of each entity's identity, and for checking and managing digital certificates during transactions. A digital certificate (also called a public key certificate) contains the identity information of the certificate entity, the public key data, the name of the certifying authority and so on. After the certifying authority confirms that the certificate entity is a legitimately registered entity, it digitally signs this information to form the digital certificate. In a public key certificate system, a user who needs the public key of another user registered with the CA center can request the digital certificate directly from that user and then verify it with the CA center's public key.
Summary of the invention
In view of the serious piracy currently affecting network software systems, the present invention provides a copyright protection method that prevents network software from being copied and used at will.
The technical solution adopted by the present invention to solve this technical problem is:
A copyright protection method for a network software system, comprising the following steps:
(1) the software system client program establishes a connection with a financial-standard IC card;
(2) the software system server verifies the legitimacy of the financial-standard IC card;
(3) after verification passes, the software system client program sends a function processing request to the software system server, the function being one that the client program lacks and that the server contains; after receiving the function processing request, the server runs the function and returns the result to the client program;
(4) after receiving the result, the software system client program runs normally.
The financial-standard IC card stores cardholder information.
Verifying the legitimacy of the financial-standard IC card comprises the following steps:
(1) the software system server verifies whether the cardholder information is present in the cardholder information list;
(2) the software system server compares whether the cardholder information is consistent with the information in the cardholder information list.
The financial-standard IC card stores a card issuer public key certificate and a card public key certificate.
Verifying the legitimacy of the financial-standard IC card comprises the following steps:
(1) the software system server forwards a random number to the financial-standard IC card through the software system client program;
(2) the financial-standard IC card signs the random number with its private key and returns the signature to the software system server through the software system client program;
(3) the software system server verifies the card issuer public key certificate with the CA center public key, confirming that the card issuer public key is valid;
(4) the software system server verifies the card public key certificate with the card issuer public key, confirming that the card public key is valid;
(5) the software system server verifies the signature with the card public key.
The financial-standard IC card stores cardholder information, a card issuer public key certificate and a card public key certificate at the same time.
Verifying the legitimacy of the financial-standard IC card comprises the following steps:
(1) the software system server verifies whether the cardholder information is present in the cardholder information list;
(2) the software system server compares whether the cardholder information is consistent with the information in the cardholder information list;
(3) the software system server forwards a random number to the financial-standard IC card through the software system client program;
(4) the financial-standard IC card signs the random number with its private key and returns the signature to the software system server through the software system client program;
(5) the software system server verifies the card issuer public key certificate with the CA center public key, confirming that the card issuer public key is valid;
(6) the software system server verifies the card public key certificate with the card issuer public key, confirming that the card public key is valid;
(7) the software system server verifies the signature with the card public key.
The copyright protection method for a network software system of the present invention uses a financial-standard IC card in place of the prior-art approaches of transmitting the certificate over the network or storing the certificate on disk. Its advantages are:
1. Security: the financial-standard IC card is a security barrier against tampering and theft, and the card operating system can ensure that the private key is generated and used only inside the card, so the private key cannot be copied or attacked; protecting software with a financial-standard IC card, as the method of the present invention does, is therefore highly secure. In addition, the client software of the present invention is incomplete software that needs the server's participation at run time and cannot run on its own; this form of protection makes cracking more difficult and security higher.
2. Flexibility: because a financial-standard IC card is small and light, and is easy to carry and to use on the move, protecting software with a financial-standard IC card, as the method of the present invention does, is highly flexible.
Description of drawings
Fig. 1 is the identity authentication flowchart of the present invention;
Fig. 2 is a schematic diagram of the first embodiment of recovering the client program;
Fig. 3 is a schematic diagram of the second embodiment of recovering the client program;
Fig. 4 is a schematic diagram of the third embodiment of recovering the client program.
Embodiment
The present invention is further described below with reference to the drawings and specific embodiments, which are not a limitation of the invention.
Because the browser in the B/S structure is in fact also a kind of client program, "client program" in the following description refers generally to both the client program in the C/S structure and the browser program in the B/S structure.
The software system server stores the CA center public key and the cardholder information list.
When a user buys the client software product, the user must provide the financial-standard IC card or the card's relevant information to the dealer for registration, and the software system server records the cardholder information of the financial-standard IC card in the cardholder information list.
As shown in Fig. 1, when the user runs the software, the user must first be authenticated by the server. The verification process is as follows:
Step 101: start the client program and establish the connection between the client and the server;
Step 102: connect the financial-standard IC card to the user's computer through a card reader;
Step 103: the client program sends a select application command to the financial-standard IC card through the card reader to select the application directory;
Step 104: the financial-standard IC card returns application-related information to the client program;
Step 105: based on that application-related information, the client program sends a read record command to the financial-standard IC card to read the user file record;
Step 106: the financial-standard IC card returns the user file record information to the client program;
Step 107: the client program sends the user file record to the server;
Step 108: the server reads the cardholder information from the user file record and looks up the corresponding cardholder information in the cardholder information list; if the corresponding cardholder information does not exist, or is inconsistent with the corresponding information in the cardholder information list, the operation ends;
Step 109: if the corresponding cardholder information exists and is consistent with the information in the cardholder information list, the server generates dynamic authentication data such as a random number and sends it to the client program;
Step 110: after receiving the authentication request, the client program wraps the random number in a standard internal authenticate command and sends it to the financial-standard IC card;
Step 111: the financial-standard IC card receives the internal authenticate command, signs the random number with the private key inside the card, and returns the signature result to the client program;
Step 112: the client program forwards the signature result to the server;
Step 113: the server verifies the signature:
The server uses the CA center public key to verify the card issuer public key certificate in the user file record, confirming that the card issuer public key is valid; uses the card issuer public key to verify the card public key certificate in the user file record, confirming that the card public key is valid; and uses the card public key to verify the signature;
If verification fails, the server disconnects and the client program exits;
Step 114: if verification succeeds, operation continues.
In a specific implementation, it is also possible to verify only the cardholder information or only the signature.
In a specific implementation, the server may also authenticate the client program in real time, in the same manner as above, while the client program is running.
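The server-side checks of steps 108 to 113 can be traced in code. The following Python sketch is an added example, not part of the patent text: it runs the cardholder list lookup, a fresh random challenge, and the CA-to-issuer-to-card certificate chain before the signature check, then shows a replayed signature and a self-signed card certificate being rejected. It assumes textbook RSA over SHA-256 and dictionary "certificates" in place of the card's real formats; the names `Card`, `Server` and `demo`, the cardholder value, and the check that the card certificate names the registered cardholder are all constructed for this example.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every constructed key

def _is_probable_prime(n, rounds=24):  # Miller-Rabin, for odd n > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if p % E != 1 and _is_probable_prime(p):  # keeps E invertible
            return p

def keygen(bits=512):  # toy RSA: returns (n, d); the public key is (n, E)
    p, q = _prime(bits // 2), _prime(bits // 2)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, n, d):
    return pow(_digest(msg, n), d, n)

def verify(msg, sig, n):
    return pow(sig, E, n) == _digest(msg, n)

def issue_cert(subject, subject_n, signer_n, signer_d):
    body = subject + subject_n.to_bytes(64, "big")
    return {"subject": subject, "n": subject_n, "sig": sign(body, signer_n, signer_d)}

def cert_ok(cert, signer_n):
    body = cert["subject"] + cert["n"].to_bytes(64, "big")
    return verify(body, cert["sig"], signer_n)

class Card:  # stands in for the IC card; the private key _d never leaves it
    def __init__(self, holder, issuer_cert, issuer_n, issuer_d):
        self.n, self._d = keygen()
        self.record = {"holder": holder, "issuer_cert": issuer_cert,
                       "card_cert": issue_cert(holder, self.n, issuer_n, issuer_d)}

    def internal_authenticate(self, challenge):  # steps 110-111
        return sign(challenge, self.n, self._d)

class Server:
    def __init__(self, ca_n, cardholders):
        self.ca_n, self.cardholders, self.pending = ca_n, set(cardholders), {}

    def begin(self, sid, record):  # steps 108-109
        if record["holder"] not in self.cardholders:
            return None
        challenge = secrets.token_bytes(16)  # fresh for every attempt
        self.pending[sid] = (record, challenge)
        return challenge

    def finish(self, sid, signature):  # step 113
        record, challenge = self.pending.pop(sid, (None, None))  # single use
        if record is None:
            return False
        issuer, card = record["issuer_cert"], record["card_cert"]
        return (cert_ok(issuer, self.ca_n)              # CA key -> issuer certificate
                and cert_ok(card, issuer["n"])           # issuer key -> card certificate
                and card["subject"] == record["holder"]  # binding assumed by this example
                and verify(challenge, signature, card["n"]))

def demo():
    (ca_n, ca_d), (iss_n, iss_d), (bad_n, bad_d) = keygen(), keygen(), keygen()
    card = Card(b"holder-0001", issue_cert(b"issuer", iss_n, ca_n, ca_d), iss_n, iss_d)
    server = Server(ca_n, [b"holder-0001"])
    sig1 = card.internal_authenticate(server.begin("s1", card.record))
    genuine = server.finish("s1", sig1)
    server.begin("s2", card.record)
    replayed = server.finish("s2", sig1)  # old signature against a new challenge
    forged = dict(card.record, card_cert=issue_cert(b"holder-0001", bad_n, bad_n, bad_d))
    self_signed = server.finish("s3", sign(server.begin("s3", forged), bad_n, bad_d))
    return genuine, replayed, self_signed  # constructed data throughout
```

Because the challenge is removed from `pending` when it is checked, a captured signature is useless for a later session, which is the reason the server generates the random number itself in step 109.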
If the client program that the dealer sells to the user is complete software, the client program runs normally once authentication passes.
In a specific implementation, the client software that the dealer sells to the user may also be software that has been processed so that part of it is encrypted or incomplete. Such software cannot run normally; the user must decrypt the encrypted part or supplement the incomplete part, i.e. recover the software system client program. This process requires obtaining the corresponding key, code or result from the server.
There are the following three embodiments of recovering the software system client program, any one of which may be chosen in a specific implementation. They are described in turn with reference to the drawings:
Fig. 2 shows the first embodiment of recovering the client program. As shown in the figure, part of the code of the client software D bought by the user is in ciphertext form.
In addition to the CA center public key and the cardholder information list, the server also holds the operational factor K used to decrypt the ciphertext code.
To run the software, the user must decrypt the ciphertext part of the code. The decryption steps are as follows:
Step 201: client program D sends the server a request to download the operational factor;
Step 202: the server sends the stored operational factor K, which is used to decrypt this part of the code, to client program D over the network;
Step 203: client program D uses the operational factor K and algorithm f to decrypt the encrypted code section and obtain client program d, i.e. d = f(D, K);
Step 204: client program d continues to run.
In this way the server controls the running of client program d.
Fig. 3 shows the second embodiment of recovering the client program. As shown in the figure, the client software bought by the user lacks one or several important code modules d1, d2 and d3.
In addition to the CA center public key and the cardholder information list, the server also holds the ciphertexts D1, D2 and D3 of the missing code modules and the operational factors K1, K2 and K3 used to decrypt those ciphertext code modules.
To run the software normally, the code modules that the software lacks must be filled in after authentication passes in step 114. The filling steps are as follows:
Step 301: when client program D runs to the position of the missing code module d1, it sends the server a request to download the missing code module;
Step 302: after receiving the request, the server sends the ciphertext D1 of the missing code module and the corresponding operational factor K1 to client program D over the network;
Step 303: client program D uses the operational factor K1 to decrypt ciphertext D1;
Step 304: the client program continues to run; when it reaches the position of the missing code module d2 or d3, steps 301-303 are repeated, decrypting D2 with K2 and D3 with K3 respectively.
Fig. 4 shows the third embodiment of recovering the client program. As shown in the figure, the client software bought by the user lacks one or several important functions, for example Proc1, Proc2 and Proc3, and the missing parts are filled with code for interaction between the client program and the server.
In addition to the CA center public key and the cardholder information list, the server also holds the missing functions Proc1, Proc2 and Proc3.
To run the software normally, the user needs the server to send the results of the corresponding functions. The execution steps are as follows:
Step 401: client program D runs; when it reaches the position of the missing function Proc1, it sends the server a request for the result of the corresponding function Proc1;
Step 402: the server runs the corresponding function Proc1 according to the request and returns the result to client program D;
Step 403: client program D continues to run using the returned result;
Step 404: when it reaches the missing function Proc2 or Proc3, steps 401-403 are repeated.
All three of the above processes of recovering the client program are carried out in computer memory.
The embodiments described above are only preferred embodiments of the present invention, and the invention is not limited to them. For those skilled in the art, any obvious change made without departing from the principle of the invention falls within the scope of the concept of the invention and the protection of the claims.

Claims (7)

1. A copyright protection method for a network software system, characterized in that it comprises the following steps:
(1) the software system client program establishes a connection with a financial-standard IC card;
(2) the software system server verifies the legitimacy of the financial-standard IC card;
(3) after verification passes, the software system client program sends a function processing request to the software system server, the function being one that the software system client program lacks and that the software system server contains; after receiving the function processing request, the software system server runs the function and returns the result to the software system client program;
(4) after receiving the result, the software system client program runs normally.
2. The copyright protection method for a network software system according to claim 1, characterized in that the financial-standard IC card stores cardholder information.
3. The copyright protection method for a network software system according to claim 2, characterized in that verifying the legitimacy of the financial-standard IC card comprises the following steps:
(1) the software system server verifies whether the cardholder information is present in the cardholder information list;
(2) the software system server compares whether the cardholder information is consistent with the information in the cardholder information list.
4. The copyright protection method for a network software system according to claim 1, characterized in that the financial-standard IC card stores a card issuer public key certificate and a card public key certificate.
5. The copyright protection method for a network software system according to claim 4, characterized in that verifying the legitimacy of the financial-standard IC card comprises the following steps:
(1) the software system server forwards a random number to the financial-standard IC card through the software system client program;
(2) the financial-standard IC card signs the random number with its private key and returns the signature to the software system server through the software system client program;
(3) the software system server verifies the card issuer public key certificate with the CA center public key, confirming that the card issuer public key is valid;
(4) the software system server verifies the card public key certificate with the card issuer public key, confirming that the card public key is valid;
(5) the software system server verifies the signature with the card public key.
6. The copyright protection method for a network software system according to claim 1, characterized in that the financial-standard IC card stores cardholder information, a card issuer public key certificate and a card public key certificate at the same time.
7. The copyright protection method for a network software system according to claim 6, characterized in that verifying the legitimacy of the financial-standard IC card comprises the following steps:
(1) the software system server verifies whether the cardholder information is present in the cardholder information list;
(2) the software system server compares whether the cardholder information is consistent with the information in the cardholder information list;
(3) the software system server forwards a random number to the financial-standard IC card through the software system client program;
(4) the financial-standard IC card signs the random number with its private key and returns the signature to the software system server through the software system client program;
(5) the software system server verifies the card issuer public key certificate with the CA center public key, confirming that the card issuer public key is valid;
(6) the software system server verifies the card public key certificate with the card issuer public key, confirming that the card public key is valid;
(7) the software system server verifies the signature with the card public key.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610088959 2006-07-27 2006-07-27 Network software system copyright protecting method

Publications (2)

Publication Number Publication Date
CN1889088A (en) 2007-01-03
CN100470570C (en) 2009-03-18

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: FEITIAN CHENGXIN TECHNOLOGIES CO., LTD.

Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN SCIENCE + TECHNOLOGY CO. LTD.

CP03 Change of name, title or address

Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee after: Feitian Technologies Co., Ltd.

Address before: 100083, Haidian District, Xueyuan Road, No. 40 research, 7 floor, 5 floor, Beijing

Patentee before: Beijing Feitian Chengxin Science & Technology Co., Ltd.