Secure and confidential offline software registration authorization method

Abstract

Confidential software products installed and used by a confidential host in a national security and confidentiality place basically need to be authorized and verified. The invention provides a secureand confidential offline software registration authorization method. Authorization software registration information can be managed at a management end in a unified manner, the whole process is physically isolated from a host, and the potential safety hazard that a storage medium is in direct contact with a secret-related machine in the authorization process is avoided. The security and confidentiality offline software registration authorization method comprises: when the software needs registration authorization, obtaining a unique identifier of the equipment, performing special splicing, reversible and irreversible encryption to generate a registration two-dimensional code, performing local analysis and identification on the two-dimensional code by using physical equipment, performing analysis and decryption by using a management end, performing encryption by using a private algorithm to generate a registration code, and inputting the registration code by the software to perform registration verification authorization; when software needs to migrate or replace hardware equipment, a logout two-dimensional code is generated through encryption, the two-dimensional code is locally analyzed and recognized through physical equipment, a management end analyzes and recovers software authorization, the hardware equipment is migrated or replaced after success, and the hardware equipment can be reused after re-registration.

Description

technical field [0001] The invention relates to the field of computer safety and security, in particular to a system requiring both physical isolation and authorized management among security products. Background technique [0002] At present, the computers used in confidential products are often offline confidential computers isolated from the network. There are two traditional authorization methods for application software in confidential hosts: one is KEY binding authorization, and the use of KEY can not only manage authorization in a unified manner The software registration information is easy to lose; another authorization method is manual authorization, which needs to generate a registration file on the host (client) first, export it from a storage medium such as a CD or U disk, and import the registration information to the management end (server) Generating the authorization file, and then returning to the software host (client) to import the authorization file for f...

AI Technical Summary

Problems solved by technology

[0002] At present, the computers used in confidential products are often offline confidential computers isolated from the network. There are two traditional authorization methods for application software in confidential hosts: one is KEY binding authorization, and the use of KEY can not only manage authorization in a unified manner The software registration information is easy to lose; another authorization method is manual authorization, which needs to generate a registration file on the host (client) first, export it from a storage medium such as a CD or U disk, and import the registration information to the management end (server) Generate an authorization file, and then return to the software host (client) to import the authorization file for formal authorization. The operation is cumbersome and wastes manpower, and due to the direct contact between the storage medium and the confidential machine, the problem of security risks is becoming more and more obvious.

Images