CN114995838A - Software authorization installation method, device, equipment and medium for enterprise client - Google Patents
- Publication number
- CN114995838A
- Authority
- CN
- China
- Prior art keywords
- software
- authorization
- program
- installation package
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a software authorization installation method, apparatus, device and medium for an enterprise client. The software authorization installation method includes the following steps: obtaining encrypted software data; decrypting the software data, and downloading a software installation package according to the decrypted software data; when the software installation package passes verification, releasing a pre-configured authorization program; setting and encrypting account data corresponding to the software installation package; and sending the account data, so that the authorization program runs the software installation package according to the administrator account. The invention improves the software installation function of the enterprise client and, without reducing security, expands the scope of software installation and improves the user experience.
Description
Technical field
The present invention relates to the field of software, and in particular to a method, apparatus, device and medium for authorized software installation on an enterprise client.
Background
To meet enterprise management, security and business needs, various kinds of work software often have to be deployed on enterprise clients, for example communication software (WeChat), airline software, ticket processing software, development software, UI design software and database software. In line with the enterprise's security and management requirements, users are often restricted to having no administrator rights, but most work software can be installed and used normally only with administrator rights.
Commonly used authorized installation methods include authorized installation with local system service privileges and authorized installation with designated local administrator privileges. Authorized installation through a local system service is limited by the characteristics of system services and can only support silent installation without a user interface. However, many work software installation packages do not support silent installation, which greatly limits the kinds of software that a system service can install. Authorized installation with designated local administrator privileges solves the problem that a local system service cannot support interactive installation with a user interface, but securely managing the administrator account takes a great deal of effort.
It can be seen that, with existing authorized installation methods, the security requirements of the enterprise client limit the kinds of software and narrow the scope of installation, resulting in a poor user experience.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the defect in the prior art that the security requirements of the enterprise client limit the kinds of software and narrow the scope of installation, resulting in a poor user experience, and to provide a method, apparatus, device and medium for authorized software installation on an enterprise client.
The present invention solves the above technical problem through the following technical solutions:
In a first aspect, the present invention provides a software authorization installation method for an enterprise client, the software authorization installation method comprising:
obtaining encrypted software data;
decrypting the software data, and downloading a software installation package according to the decrypted software data;
when the software installation package passes verification, releasing a pre-configured authorization program; the authorization program is one that, running with user privileges, obtains the software installation package and installs it with administrator authorization;
setting and encrypting account data corresponding to the software installation package; the account data includes an administrator account;
sending the account data, so that the authorization program runs the software installation package according to the administrator account.
Preferably, after the step of releasing the pre-configured authorization program, the software authorization installation method further comprises:
sending notification information to the application platform; the notification information is used to make the application platform run the authorization program.
Preferably, the account data includes an administrator account password, and the software authorization installation method further comprises:
when first prompt information sent by the authorization program is received, resetting the administrator account password; the prompt information indicates that the authorization program has started installing the software installation package.
Preferably, the software authorization installation method further comprises:
when second prompt information sent by the authorization program is received, deleting the administrator account and the authorization program.
Preferably, the software authorization installation method further comprises:
when the software installation package fails verification, pushing alarm information to the application platform.
In a second aspect, the present invention provides a software authorization installation apparatus for an enterprise client, the software authorization installation system comprising:
an acquisition module, configured to obtain encrypted software data;
a data decryption module, configured to decrypt the software data and download a software installation package according to the decrypted software data;
a first verification module, configured to release a pre-configured authorization program when the software installation package passes verification; the authorization program is one that, running with user privileges, installs the software installation package after obtaining administrator authorization;
a setting module, configured to set and encrypt account data corresponding to the software installation package; the account data includes an administrator account;
a first sending module, configured to send the account data, so that the authorization program runs the software installation package according to the administrator account.
Preferably, the software authorization installation system further comprises:
a second sending module, configured to send notification information to the application platform; the notification information is used to make the application platform run the authorization program.
Preferably, the account data includes an administrator account password, and the software authorization installation system further comprises:
a first receiving module, which resets the administrator account password when first prompt information sent by the authorization program is received; the first prompt information indicates that the authorization program has started installing the software installation package.
Preferably, the software authorization installation system further comprises:
a second receiving module, configured to delete the administrator account and the authorization program when second prompt information sent by the authorization program is received; the second prompt information indicates that the authorization program has finished installing the software installation package.
Preferably, the software authorization installation system further comprises:
a second verification module, configured to push alarm information to the application platform when the software installation package fails verification.
In a third aspect, the present invention further provides an electronic device comprising a processor, a memory, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, carries out the software authorization installation method for an enterprise client according to any one of the first aspect.
In a fourth aspect, the present invention further provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the software authorization installation method for an enterprise client according to any one of the first aspect.
The beneficial effect of the present invention is as follows: a software authorization installation method, apparatus, device and medium for an enterprise client are provided, in which a software installation package is downloaded according to the decrypted software data, a pre-configured authorization program is released when the software installation package passes verification, and the administrator account corresponding to the software installation package is sent, so that the authorization program runs the software installation package according to the administrator account. The invention improves the software installation function of the enterprise client and, without reducing security, expands the scope of software installation and improves the user experience.
Description of the drawings
FIG. 1 is a flowchart of the software authorization installation method for an enterprise client according to Embodiment 1 of the present invention.
FIG. 2 is a schematic diagram of the data flow of interactive software installation authorization according to Embodiment 1 of the present invention.
FIG. 3 is a schematic module diagram of the software authorization installation system for an enterprise client according to Embodiment 2 of the present invention.
FIG. 4 is a schematic diagram of the hardware structure of the electronic device according to Embodiment 3 of the present invention.
Detailed description
The present invention is further described below by way of embodiments, but the present invention is not thereby limited to the scope of the described embodiments.
Embodiment 1
FIG. 1 is a flowchart of a software authorization installation method for an enterprise client in an embodiment of the present invention. The method is applied to the client and may specifically include the following steps:
S1. Obtain encrypted software data.
S2. Decrypt the software data, and download a software installation package according to the decrypted software data.
S31. When the software installation package passes verification, release a pre-configured authorization program; the authorization program is one that, running with user privileges, installs the software installation package after obtaining administrator authorization.
S32. When the software installation package fails verification, push alarm information to the application platform.
S4. Set and encrypt account data corresponding to the software installation package; the account data includes an administrator account.
S5. Send the account data, so that the authorization program runs the software installation package according to the administrator account.
Regarding step S1: when the user clicks the application platform (portal website) installed on the client and selects the type of software to install through the decryption displayed by the application platform, the client can obtain the encrypted software data corresponding to that software type from the server through the background interface. Users who do not use the client can thus obtain different kinds of software installation packages according to their own needs, which allows personalized customization, further saves system resources and expands the range of software the client can install. The software data may include basic information about the software installation package, the network download address of the software installation package, the hash check code of the software installation package, and so on.
It should be noted that the server may be a single server or a server cluster, as determined by the data volume and throughput corresponding to the number of clients to be served. The number and types of clients may also vary.
Regarding step S2: after the encrypted software data has been decrypted and the software installation package has been downloaded from the network download address it contains, the downloaded package may have been maliciously tampered with by other programs on the server. The downloaded package therefore has to be verified before it is run, and it is run only if verification passes. For example, the downloaded package can be checked against the hash check code of the software installation package, or against the encrypted data of the software installation package, which further improves the security of software installation on the client.
Regarding step S31: after the software installation package passes verification, the client stores the authorization program, which has been configured in advance and is held temporarily in the local system service, under another set path on the client. The set path can be chosen according to the specific situation and is not specifically limited.
Regarding step S32: after the software installation package fails verification, the client sends a download-error alarm to the application platform, and the application platform submits a download-error record to the background and then ends the installation process of the software installation package.
Regarding steps S4-S5: the client's local service system can create account data corresponding to the software installation package and send it to the authorization program. The account data is time-limited and may include an administrator account. While generating the account data, the client also generates a random strong password; the random strong password is a 20-character hash check code containing upper- and lower-case letters, digits or special characters. This prevents the account data generated temporarily during installation from being leaked, and further improves the security of software installation on the client.
In one possible implementation, after step S31, the software authorization installation method further includes:
S311. Send notification information to the application platform; the notification information is used to make the application platform run the authorization program.
Specifically, the client invokes the authorization program with the current user privileges through a preset private protocol; that is, preset registry key values support a protocol by which the application platform's interactive page invokes a local application, so that the authorization program starts running.
The account data includes an administrator account password, and the software authorization installation method further includes:
S51. When first prompt information sent by the authorization program is received, reset the administrator account password; the first prompt information indicates that the authorization program has started installing the software installation package.
S52. When second prompt information sent by the authorization program is received, delete the administrator account and the authorization program; the second prompt information indicates that the authorization program has finished installing the software installation package.
Regarding steps S51-S52: when the "installation started" prompt sent by the authorization program is received, a new random strong password is generated immediately and the temporarily generated administrator account password is changed to it. This prevents the temporarily generated administrator account password from being leaked while the software installation package is being installed, reduces the risk of the password being obtained through memory hijacking, and ensures the security of software installation.
When the "installation finished" prompt sent by the authorization program is received, the client cleans up after the installation: it deletes the locally generated temporary administrator account password and deletes the authorization program. This prevents the temporarily generated administrator account password from being leaked after installation has finished, reduces the risk of the password being obtained through memory hijacking, and likewise ensures the security of software installation.
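The verification and credential lifecycle of steps S2-S5 and S51-S52, as an added example in Python; it is not code from the patent. It assumes SHA-256 for the hash check code (the text names no algorithm), an assumed symbol set, hypothetical names such as `TemporaryAdminSession`, and a dict standing in for the operating system's account database; encryption of the account data is not modelled.

```python
import hashlib
import hmac
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+"  # assumed set of special characters
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
PASSWORD_LENGTH = 20  # length given in the description


def package_matches(package_bytes, expected_hex):
    """S2/S31: compare the downloaded package with the hash from the software data."""
    try:
        expected = bytes.fromhex(expected_hex)
    except ValueError:
        return False  # a malformed check code counts as a failed verification
    actual = hashlib.sha256(package_bytes).digest()
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def new_strong_password(length=PASSWORD_LENGTH):
    """Draw from a CSPRNG until every character class is present."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


class TemporaryAdminSession:
    """Local-service view of one installation: issue, rotate, delete."""

    def __init__(self, accounts):
        self.accounts = accounts  # name -> password; stands in for the OS account store
        self.name = None
        self.state = "idle"

    def issue(self, package_bytes, expected_hex):
        """S31/S32 then S4: only a verified package leads to a credential."""
        if not package_matches(package_bytes, expected_hex):
            self.state = "alarm"  # S32: report the failure, create no account
            return None
        self.name = "tmpadm-" + secrets.token_hex(4)  # constructed naming scheme
        password = new_strong_password()
        self.accounts[self.name] = password
        self.state = "issued"
        return self.name, password  # S5: handed to the authorization program

    def on_install_started(self):
        """S51: rotate at once, so the password that was sent stops being valid."""
        if self.state != "issued":
            raise RuntimeError("no credential outstanding")
        self.accounts[self.name] = new_strong_password()
        self.state = "installing"

    def on_install_finished(self):
        """S52: remove the temporary administrator account."""
        if self.state != "installing":
            raise RuntimeError("installation was never started")
        del self.accounts[self.name]
        self.state = "done"


def demo():
    """Run the lifecycle once on a constructed package and return what happened."""
    package = b"constructed installer bytes"
    check_code = hashlib.sha256(package).hexdigest()
    accounts = {}
    rejected = TemporaryAdminSession(accounts).issue(package + b"!", check_code)
    session = TemporaryAdminSession(accounts)
    name, first_password = session.issue(package, check_code)
    session.on_install_started()
    rotated = accounts[name] != first_password
    session.on_install_finished()
    return rejected, rotated, name in accounts


if __name__ == "__main__":
    print(demo())
```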
As shown in FIG. 2, the background interface is part of the server. The server can provide a management page for adding or changing applications and setting configuration data (applet configuration), and it stores the configuration data in a database. In terms of the display interface and the internal operation of the client tool, the client is divided into two parts, the application platform and the local system service: the application platform corresponds to the interface shown to the user, and the local system service corresponds to the part of the client tool that runs in the background. When the user selects and runs an application through the interface provided by the application platform installed on the client, the server provides the client with the download instruction data of the corresponding application, that is, the encrypted software data. In this way a single selection by the user is enough to run the selected application, and the step that displays the application's execution result shows the user the result of the software data download, which improves the user experience.
The client performs the aforementioned steps of obtaining the encrypted software data, decrypting the software data and downloading the installation package through the local system service.
This embodiment provides a software authorization installation method for an enterprise client: obtaining encrypted software data; decrypting the software data, and downloading a software installation package according to the decrypted software data; when the software installation package passes verification, releasing a pre-configured authorization program; setting and encrypting account data corresponding to the software installation package; and sending the account data, so that the authorization program runs the software installation package according to the administrator account. The invention improves the software installation function of the enterprise client and, without reducing security, expands the scope of software installation and improves the user experience.
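Embodiment 2
FIG. 3 is a schematic module diagram of a software authorization installation apparatus for an enterprise client in an embodiment of the present invention, which may specifically include the following modules: an acquisition module 210, a data decryption module 220, a first verification module 231, a second verification module 232, a setting module 240 and a first sending module 250.
The acquisition module 210 is configured to obtain encrypted software data.
The data decryption module 220 is configured to decrypt the software data and download a software installation package according to the decrypted software data.
The first verification module 231 is configured to release a pre-configured authorization program when the software installation package passes verification; the authorization program is one that, running with user privileges, obtains the software installation package and installs it with administrator authorization.
The second verification module 232 pushes alarm information to the application platform when the software installation package fails verification.
The setting module 240 is configured to set and encrypt account data corresponding to the software installation package; the account data includes an administrator account.
The first sending module 250 is configured to send the account data, so that the authorization program runs the software installation package according to the administrator account.
When the user clicks the application platform (portal website) installed on the client and selects the type of software to install through the decryption displayed by the application platform, the acquisition module 210 can obtain the encrypted software data corresponding to that software type from the server through the background interface. Users who do not use the client can thus obtain different kinds of software installation packages according to their own needs, which allows personalized customization, further saves system resources and expands the range of software the client can install. The software data may include basic information about the software installation package, the network download address of the software installation package, the hash check code of the software installation package, and so on.
It should be noted that the server may be a single server or a server cluster, as determined by the data volume and throughput corresponding to the number of clients to be served. The number and types of clients may also vary.
After the encrypted software data has been decrypted and the data decryption module 220 has downloaded the software installation package from the network download address it contains, the downloaded package may have been maliciously tampered with by other programs on the server. The downloaded package therefore has to be verified before it is run, and it is run only if verification passes. For example, the downloaded package can be checked against the hash check code of the software installation package, or against the encrypted data of the software installation package, which further improves the security of software installation on the client.
After the software installation package passes verification, the first verification module 231 stores the authorization program, which has been configured in advance and is held temporarily in the local system service, under another set path on the client. The set path can be chosen according to the specific situation and is not specifically limited.
After the software installation package fails verification, the second verification module 232 sends a download-error alarm to the application platform, and the application platform submits a download-error record to the background and then ends the installation process of the software installation package.
The setting module 240 can create account data corresponding to the software installation package and send it to the authorization program. The account data is time-limited and may include an administrator account. While generating the account data, the client also generates a random strong password; the random strong password is a 20-character hash check code containing upper- and lower-case letters, digits or special characters. This prevents the account data generated temporarily during installation from being leaked, and further improves the security of software installation on the client.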
In one possible implementation, the software authorization installation system further includes:
a second sending module, configured to send notification information to the application platform; the notification information is used to make the application platform run the authorization program.
Specifically, the second sending module invokes the authorization program with the current user privileges through a preset private protocol; that is, preset registry key values support a protocol by which the application platform's interactive page invokes a local application, so that the authorization program starts running.
The account data includes an administrator account password, and the software authorization installation system further includes:
a first receiving module, which resets the administrator account password when first prompt information sent by the authorization program is received; the first prompt information indicates that the authorization program has started installing the software installation package.
a second receiving module, configured to delete the administrator account and the authorization program when second prompt information sent by the authorization program is received; the second prompt information indicates that the authorization program has finished installing the software installation package.
When the first receiving module receives the "installation started" prompt sent by the authorization program, a new random strong password is generated immediately and the temporarily generated administrator account password is changed to it. This prevents the temporarily generated administrator account password from being leaked while the software installation package is being installed, reduces the risk of the password being obtained through memory hijacking, and ensures the security of software installation.
When the second receiving module receives the "installation finished" prompt sent by the authorization program, the client cleans up after the installation: it deletes the locally generated temporary administrator account password and deletes the authorization program. This prevents the temporarily generated administrator account password from being leaked after installation has finished, reduces the risk of the password being obtained through memory hijacking, and likewise ensures the security of software installation.
This embodiment provides a software authorization installation apparatus for an enterprise client: the acquisition module obtains encrypted software data; the data decryption module decrypts the software data and downloads a software installation package according to the decrypted software data; when the software installation package passes verification, the first verification module releases a pre-configured authorization program; the setting module sets and encrypts account data corresponding to the software installation package; and the first sending module sends the account data, so that the authorization program runs the software installation package according to the administrator account. The invention improves the software installation function of the enterprise client and, without reducing security, expands the scope of software installation and improves the user experience.
Example 3
FIG. 4 is a schematic structural diagram of an electronic device provided in this embodiment. The electronic device includes a memory, a processor, and a computer program stored in the memory and executable on the processor; when the processor executes the program, it implements the software authorization installation method for an enterprise client of Embodiment 1. The electronic device 60 shown in FIG. 4 is only an example and should not impose any limitation on the function and scope of use of the embodiments of the present invention.
The electronic device 60 may take the form of a general-purpose computing device; for example, it may be a server device. The components of the electronic device 60 may include, but are not limited to: the at least one processor 61, the at least one memory 62, and a bus 63 connecting the different system components (including the memory 62 and the processor 61).
The bus 63 includes a data bus, an address bus, and a control bus.
The memory 62 may include volatile memory, such as random access memory (RAM) 621 and/or cache memory 622, and may further include read-only memory (ROM) 623.
The memory 62 may also include a program/utility 625 having a set of (at least one) program modules 624. Such program modules 624 include, but are not limited to, an operating system, one or more application programs, other program modules, and program data; each of these examples, or some combination of them, may include an implementation of a network environment.
The processor 61 executes various functional applications and data processing, such as the software authorization installation method for an enterprise client of Embodiment 1 of the present invention, by running the computer program stored in the memory 62.
The electronic device 60 may also communicate with one or more external devices 64 (e.g., a keyboard, a pointing device, etc.). Such communication may take place through an input/output (I/O) interface 65. In addition, the model generation device 60 may communicate with one or more networks (for example a local area network (LAN), a wide area network (WAN), and/or a public network such as the Internet) through a network adapter 66. As shown in the figure, the network adapter 66 communicates with the other modules of the model generation device 60 through the bus 63. It should be understood that, although not shown in the figure, other hardware and/or software modules may be used in conjunction with the model generation device 60, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID (disk array) systems, tape drives, and data backup storage systems.
It should be noted that although several units/modules or sub-units/modules of the electronic device are mentioned in the detailed description above, this division is merely exemplary and not mandatory. Indeed, according to embodiments of the present invention, the features and functions of two or more units/modules described above may be embodied in one unit/module. Conversely, the features and functions of one unit/module described above may be further divided so as to be embodied by multiple units/modules.
Example 4
This embodiment provides a computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, it implements the software authorization installation method for an enterprise client of Embodiment 1.
The readable storage medium may more specifically include, but is not limited to: a portable disk, a hard disk, random access memory, read-only memory, erasable programmable read-only memory, an optical storage device, a magnetic storage device, or any suitable combination of the above.
In a possible implementation, the present invention may also be implemented in the form of a program product that includes program code; when the program product runs on a terminal device, the program code causes the terminal device to execute the software authorization installation method for an enterprise client of Embodiment 1.
The program code for carrying out the present invention may be written in any combination of one or more programming languages, and the program code may execute entirely on the user device, partly on the user device, as a stand-alone software package, partly on the user device and partly on a remote device, or entirely on a remote device.
Although specific embodiments of the present invention are described above, those skilled in the art should understand that these are only illustrations, and that the scope of protection of the present invention is defined by the appended claims. Those skilled in the art can make various changes or modifications to these embodiments without departing from the principle and essence of the present invention, but all such changes and modifications fall within the scope of protection of the present invention.
Claims (12)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210494903.4A CN114995838A (en) | 2022-05-07 | 2022-05-07 | Software authorization installation method, device, equipment and medium for enterprise client |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114995838A (en) | 2022-09-02 |
Family
ID=83024564
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210494903.4A Pending CN114995838A (en) | 2022-05-07 | 2022-05-07 | Software authorization installation method, device, equipment and medium for enterprise client |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114995838A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||