Specific implementation mode
The embodiment of the present invention is described in detail below in conjunction with the accompanying drawings.
Fig. 1 is the schematic flow chart that the software digital of the present invention permits one embodiment of transfer method.
As shown in Figure 1, the software digital license transfer method of the present embodiment includes:
S1, the digital permission transfer request based on the first account information is obtained, the first account is flat in digital permission serviceThe user account that platform creates;
The digital permission of the embodiment of the present invention is shifted to be carried out based on same user account.User account is that software users are pre-It is located at digital permission service platform (server end) there are one can first having under the account of digital permission service platform establishment, accountCloud lock, software developer can to the user account be user issue software digital license, issued to account digital permission peaceMounted in Yun Suozhong, user needs the activation data packet issued using software developer to activate issued digital permission, activatesDigital permission later could be used by user under restricting condition for use.The account permissible personnel with the account right to useIt is logged in by different terminals and is locked using cloud, but for the same software digital license under the account in cloud lock, the same time is onlyA terminal device logs account is allowed to be used.After user is by the licensed service application logon account on terminal device,The software digital issued to account cloud lock can be viewed and permit enforcement use of going forward side by side.When needing to carry out digital permission transfer, step onAfter recording the account, account information can be based on and obtain digital permission transfer request.
In the embodiment of the present invention, each user account can possess the dedicated digital certificate for being generated and being provided by platform, put downPlatform can for example be Generated Certificate by RSA Algorithm.Certificate for example can be used for digital permission transfer request or including digital permission phaseClose the purposes such as securely transmit of data packet etc. including data.
S2, according to the digital permission transfer request, will include and the designation number license phase in the first software protective lockThe data packet of the data of pass is sent to the second software protective lock, and first software protective lock and the second software protective lock are withOne account is associated with;
According to embodiments of the present invention, license transfer is could be between the associated software protective lock of the first accountRow.First software protective lock can be cloud lock, then the second software protective lock can be hardware device;Vice versa, i.e., first is softPart protection lock is hardware device, and the second software protective lock is locked for cloud.Software protective lock (hereinafter referred to as hardware as hardware deviceLock) need association in advance to user account and a user account can only be associated with, but a user account can be associated with it is multipleHardware lock, at the same a user account be only associated with there are one cloud lock.Hardware lock is associated with to account, can be viewed in accountThe related information of associated hardware lock, in related information such as the identification information or sequence number that may include the hardware lock, such asFruit user no longer needs some hardware lock, can delete the related information of hardware lock from account.
Logon account obtain the digital permission transfer request based on account information after, can according to the content of the transfer request,Relevant data will be permitted to be sent by way of data packet with the designation number in the first software protective lock as the side of producingTo the second software protective lock as the side of being transferred to.
With designation number permit relevant data can be, for example, digital permission identification information, digital permission status information,Digital permission ontology data, digital permission term data etc..When there is no permit phase with designation number in the second software protective lockWhen any data closed, it may include digital permission ontology data in data packet, so that having in the second software protective lock completeDigital permission data.Permit when being previously transferred to the designation number in the second software protective lock, and referred to this in last timeDetermine digital permission related data data packet send out after the designation number license be still in the second software protective lock, onlyBe set to down state as following S3 steps, then it can be in the above-mentioned data packet sent to the second software protective lockIt need not include digital permission ontology data, and only include digital permission related data, such as term data, identification information, state letterBreath etc., and when determining that data packet conforms to a predetermined condition, the number stored is permitted according to the license related data in data packetIt can be arranged accordingly and reset to available mode.
S3, down state is deleted or is set as in the designation number license in first software protective lock.
After the data packet permitted including designation number is sent to the second software protective lock, need the first software protective lockDown state is deleted or is set as in interior designation number license, so that it is guaranteed that with portion software digital license in the same timeEffective status is only in a software protective lock.
It is different soft under the same user account that the embodiment of the present invention so that software digital license can and be merely able toIt is shifted between part protection lock, the same software digital for solving user permits what can only be used in fixed software protective lock to askThe problem of needing to repeat to purchase software when topic and cross-region or offline use.It carries out that software is only needed to protect when license transferShield lock it is associated with user account, transfer process by the licensed service application login user account in any terminal equipment come intoRow, need not be by means of other hardware devices, and the both sides of license transfer need not be at same place so that user can beDifferent geographical uses same digital permission in different ways, fully meets the use needs currently permitted software digital, togetherWhen can be user reduce using software product cost.
Fig. 2 is a kind of schematic flow chart of realization method of step S2 in embodiment illustrated in fig. 1.
As shown in Fig. 2, in the license transfer method of the present embodiment, the first software protective lock is with the second software protective lockHardware lock, then S2 steps shown in FIG. 1 may particularly include:
S21, the data packet is sent to and is locked with the associated cloud of first account;
In the present embodiment, when needing to shift digital permission between different hardware locks, terminal device can passed throughOn licensed service application login user account after, the data packet of unified format is generated by licensed service application, account is closedDesignation number license in one hardware lock of connection is sent to by data packet in the associated another hardware lock of account.Specific implementationWhen, it can will be plugged on terminal device as the hardware lock for the side of producing, then the licensed service application on terminal device can recognizeThe hardware lock, and show the relevant information of the hardware lock, include the relevant information of designation number to be transferred license.By being permittedThe cloud that first data packet permitted including designation number is sent in account can be served by lock, sent the packet within via cloud lockThe hardware lock being transferred to needs.
S22, it is sent to second software protective lock from cloud lock by the data packet;
Cloud lock is delivered a packet to, it, can be still with above-mentioned unified format after digital permission is temporarily transferred to Yun SuozhongThe digital permission for being temporarily stored in Yun Suozhong is sent to the second hardware lock in a manner of data packet.
S23, designation number license is set as down state from deletion in cloud lock or in cloud lock.
After the digital permission for being temporarily stored in Yun Suozhong is sent to the second hardware lock, the number can will be deleted from Yun Suozhong and will be permittedCan, or the digital permission can also be retained in Yun Suozhong, the state of digital permission is only set as unavailable.
Through the embodiment of the present invention, when being shifted between software protective lock, including the data packet of digital permission can be in safetyCompass in be transmitted, it is ensured that the safety of data.
Fig. 3 is that the software digital of the present invention permits to carry out account association or disassociation to hardware device in transfer methodSchematic flow chart.
As previously mentioned, the embodiment of the present invention includes be associated with hardware lock or the step of disassociation with user accountSuddenly.As shown in figure 3, the process of association or disassociation may include following steps:
S41, the association request or disassociation request for obtaining the hardware device;
After user is by the licensed service application logon account on terminal device, it can be obtained by operating licensed service applicationIt must be connected to the association request or disassociation request of the hardware lock of the terminal device, and transmit the request to digital permission serviceThe module of digital permission transfer is responsible in platform.Such as OUATH systems can be used to manage use in digital permission service platformFamily account.Token needed for calling platform related service can be obtained after by licensed service application logon account.
S42, check whether the association request or disassociation request conform to a predetermined condition;
For example it may include in association request or disassociation request for ensuring the effective random number of response single, it can basisWhether association request or disassociation request are legal to be determined to the verification of the random number.
In an embodiment of the invention, association request or disassociation request may include hardware lock identification information andThe signed data signed to predetermined information with the private key of hardware lock.The mark for the hardware lock that request includes can be passed throughInformation determines public key corresponding with the private key of the hardware lock, and sign test is carried out to the signed data that request includes come really with the public keyWhether fixed request is legal.
After determining that request is legitimate request, can check the current state of hardware lock, for example, determine hardware lock whether with terminalWhether equipment physical connection or wireless connection determine hardware lock in the state that can carry out data interaction with terminal device.
S43, when the association request or disassociation request conform to a predetermined condition, to the hardware device returning responseData, the response data include the first account information.
If each item data in request is determined as legal state, and hardware lock be in can data interaction state, then may be usedTo send response data to hardware lock.It may include random number included in account information and request in response data.AccountInformation is such as can be the email address of user name or the account ID and Account Type of other forms as account.To closingIt can also includes account certificate to join in the response data of request, and as previously mentioned, account certificate can be used for digital permission and turnSecurely transmitting for request or the data packet including digital permission related data etc. is moved, such as can be in digital permission transfer requestOr the data packet including digital permission related data includes that the first software protective lock is carried out using the private key in account certificateThe signed data that signature obtains, so that recipient can use the correspondence public key in certificate to carry out sign test, certainly, in addition to using accountCertificate this mode in family generates outside signed data, can also have oneself independent private key for sending out signature in each hardware lockData.To that need not include then account certificate in the response data of disassociation request.In addition, can also include hard in response dataThe signed data of identification information and digital licensed service platform side that part is locked is so that hardware lock carries out sign test using corresponding public key.
After hardware lock receives response data, check whether each item data therein legal, for example, platform side number of signatureAccording to whether can sign test success, whether random number be proved to be successful.If it is determined that each item data in response data is legal, then rootAccording to the type of transmitted request, in hardware lock internal record or account information is deleted, account information for example can be as accountThe email address of user name or the account ID of other forms and Account Type etc..After the completion of response data processing, it can return toSuccess confirmation message.
In addition, in the embodiment of the present invention, when the account information of user changes, such as account attributes, account name orAccount certificate is changed, then can will be plugged on terminal device with the associated hardware lock of account, by terminal deviceLicensed service using being updated to the account information in hardware lock.
In embodiments of the present invention, it (is such as set in the identification information that association request or disassociation request include hardware lockStandby ID) in the case of, it, can be in the first account when judging that the association request or disassociation request conform to a predetermined conditionThe identification information of add or delete hardware lock can be so convenient for pair being locked into the hardware of the first account management as related informationRow management.
In an embodiment of the invention, it, can be first to the first software protective lock when determination will carry out digital permission transferIt sends License Status and obtains request, the status information permitted about designation number is obtained from the first software protective lock, when determining shapeState information second software protective lock that conforms to a predetermined condition described in Shi Caicong obtains the digital permission transfer request.Designation number is permittedCan status information may include that the identification information of user of the identification information of such as digital permission, digital permission, number are permittedCan corresponding software the information in relation to digital permission such as the identification information of developer.Predetermined condition for example may include the first softwareProtection lock in designation number license whether be in effective status, such as the term of validity of license it is whether expired, license limitationWhether number has reached.Whether predetermined condition can also include whether designation number license allows to shift, i.e., have disabled to thisThe transfer operation of digital permission.
Dedicated data format can be used in embodiments of the present invention to transmit the data for including digital permission related dataPacket.For example, may include for verifying the identification information of legitimate client, version information, transfer operation state letter in data packetBreath etc..Transfer operation status information may include in state to be transferred, transfer state, Error When Transferring state etc. after state, transfer.NumberBinary system array may be used as message body in transmission process according to packet.
In some embodiment of the invention, in digital permission transfer request or data packet including digital permission related dataIt can also include digital permission shift direction information, such as the shift direction that cloud is locked is locked to from hardware, or hardware is locked into from hardwareThe shift direction etc. of lock, in order to trace the transfer history of digital permission.
In embodiments of the present invention, when there are failure scenarios in transfer process, for example, transfer request or data packet do not meet it is pre-When fixed condition, error messages can be returned to digital permission service platform side, be determined whether to adjust specified number according to error messagesThe state of word license.For example, when digital permission shifts failure, it can be in the software protective lock as the side of producing by designation numberThe transfering state of license fails labeled as transfer, in order to trace the transfer history of digital permission.
Fig. 4 is that the software digital of the present invention permits the schematic block diagram of transfer system.
As shown in Figure 4, the software digital license transfer system of the present embodiment includes license transfer equipment 20, the first software locks11 and second software locks 12.License transfer equipment 20 may include login module 21, acquisition module 22, shift module 23, associationModule 24 and setup module 25.
Login module 21 is configured to the first account information and logs on to the first account created in digital permission service platformFamily.Relating module 24 is configured to the first software protective lock 11 being associated with the second software protective lock 12 with the first account.
Acquisition module 22 is configured to obtain the digital permission transfer request based on the first account information, and shift module 23 configuresFor the data that according to digital permission transfer request, will include with the designation number license related data in the first software protective lock 11Packet is sent to the second software protective lock 12.
Setup module 25 is configured to delete or be set as unavailable designation number license in first software protective lock 11State.
The embodiment of the present invention digital permission transfer based on the same user account created in digital permission service platform comeIt carries out, can have that there are one the clouds for being located at digital permission service platform (server end) to lock under account.The account is permissible with accountThe personnel of the family right to use are logged in by different terminals to be locked using cloud, but is permitted for the same software digital under the account in cloud lockCan, the same time only allows a terminal device logs account to be used.
After user is by 21 logon account of login module, the software digital license issued to account cloud lock can be viewed simultaneouslyIt is used.Before carrying out license transfer, needs to first pass through relating module 24 and will shift relevant software protective lock with license and closeIt is coupled to account.According to embodiments of the present invention, license transfer is could be between the associated software protective lock of the first accountRow.First software protective lock 11 can be cloud lock, then the second software protective lock 12 can be hardware device;Vice versa, i.e., andOne software protective lock 11 can be hardware device, and the second software protective lock 12 is locked for cloud.
In digital permission transfer to be carried out, the account is logged in by login module 21, can be based on by acquisition module 22Account information obtains digital permission transfer request, and license transfer is carried out in a manner of transmission data packet shift module 23.After the completion of transfer, down state is deleted or be set as to the digital permission in first software protective lock 11 by setup module 25.
It is different soft under the same user account that the embodiment of the present invention so that software digital license can and be merely able toIt being shifted between part protection lock, transfer process is carried out by the licensed service application login user account in any terminal equipment,Need not be by means of other hardware devices, and the both sides of license transfer need not be at same place so that user can be notSame digital permission is used in different ways with region, fully meets the use needs currently permitted software digital, simultaneouslyCan be user reduces the cost for using software product.
In an embodiment of the invention, the first software protective lock 11 and the second software protective lock 12 are as hardware deviceHardware lock.In the present embodiment, shift module 23 is configurable to deliver a packet to and be locked with the associated cloud of the first accountTransfer is carried out, then the second software protective lock 12 is sent the packet to from cloud lock.Setup module 25 is further configured to refer toDetermine digital permission to delete from Yun Suozhong or be set as down state in cloud lock.Through the embodiment of the present invention, in softwareWhen being shifted between protection lock, including the data packet of digital permission can be transmitted in the compass of safety, it is ensured that dataSafety.
In embodiments of the present invention, to hardware lock carry out with account be associated with or disassociation can by acquisition module 22 andRelating module 24 executes.After 21 logon account of login module, association request can be obtained from hardware lock by acquisition module 22Or disassociation request, and check whether association request or disassociation request conform to a predetermined condition by relating module 24, when askingIt asks when conforming to a predetermined condition, from relating module 24 to the hardware lock returning response data, the first account is may include in response dataFamily information.After hardware lock receives response data, check whether each item data therein legal, for example, platform side signed dataWhether can sign test success, whether random number be proved to be successful.If it is determined that each item data in response data is legal, then basisThe type of transmitted request in hardware lock internal record or deletes account information, and account information for example can be as accountThe email address of user name or the account ID of other forms and Account Type etc..
For example it may include in the embodiment of the present invention, in association request or disassociation request for ensuring that response single is effectiveRandom number, can determine whether association request or disassociation request legal according to the verification to the random number.
In the embodiment of the present invention, association request or disassociation request may include the identification information of hardware lock and use hardwareThe signed data that the private key of lock signs to predetermined information.Relating module 24 is configurable to the mark according to hardware lockInformation determines public key corresponding with the private key of the hardware lock, and sign test is carried out to the signed data that request includes come really with the public keyWhether fixed request is legal.Determine request for after legitimate request, relating module 24 can check the current state of hardware lock, such as determineHardware lock whether with terminal device physical connection or wireless connection, that is, determine hardware lock whether in can be into line number with terminal deviceAccording to interactive state.Determine that when legal and hardware lock being asked to be in predetermined state, relating module 24 is returned to the hardware lock to be rungAnswer data.
In an embodiment of the invention, include the identification information of hardware lock in association request or disassociation requestIn the case of, when judging that association request or disassociation request conform to a predetermined condition, relating module 24 can be in the first accountThe identification information of add or delete hardware lock can be so convenient for pair being locked into the hardware of the first account management as related informationRow management.
In an embodiment of the invention, it, can be from acquisition module 22 first to the when determination will carry out digital permission transferOne software protective lock sends License Status and obtains request, to obtain the state permitted about designation number from the first software protective lockInformation, and be configured to just obtain digital permission transfer request from the second software protective lock when status information conforms to a predetermined condition.The status information of designation number license may include the mark letter of the user of the identification information of such as digital permission, digital permissionThe information in relation to digital permission such as the identification information of developer of breath, digital permission corresponding software.Predetermined condition can for example wrapInclude in the first software protective lock designation number license whether be in effective status, such as the term of validity of license it is whether expired,Whether the limited number of times of license has reached.Whether predetermined condition can also include whether designation number license allows to shift, i.e.,Have disabled the transfer operation to the digital permission.
Some embodiments of the present invention are described in detail above, but the present invention is not restricted to these specific embodiment,But the embodiment of multiple modifications or modification can be built without departing from the inventive concept, these modifications or modification are allIt should be included in the scope of protection of present invention.