
WO2018033016A1 - Method and system for authorizing the conversion of a terminal state - Google Patents

Method and system for authorizing the conversion of a terminal state

Info

Publication number: WO2018033016A1
Authority: WO (WIPO, PCT)
Prior art keywords: terminal, state, authentication, server, data
Application number: PCT/CN2017/096834
Other languages: English (en), Chinese (zh)
Inventors: 陈菲菲, 孟陆强
Original assignee: 福建联迪商用设备有限公司
Priority date: 2016-08-18
Filing date: 2017-08-10
Publication date: 2018-02-22
Application filed by 福建联迪商用设备有限公司
Publication of WO2018033016A1

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L 9/40 Network security protocols
          • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
              • H04L 63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
            • H04L 63/08 ... for authentication of entities
              • H04L 63/083 ... using passwords
              • H04L 63/0869 ... for achieving mutual authentication
              • H04L 63/0876 ... based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • The present invention relates to the field of communications technologies, and in particular to a method and system for authorizing the transition of a terminal state.
  • To protect the terminal, a digital signature scheme is introduced and preset in the terminal: the root public key certificate can be downloaded to the terminal only by a program signed with the private key corresponding to the work public key certificate under the root public key certificate.
  • As a result, every program downloaded to the terminal must be signed, which is greatly inconvenient for application developers when debugging.
  • For this reason the terminal has a debug state, in which an application can be downloaded to the terminal without being signed.
  • The inventor therefore provides a method for authorizing the conversion of the state of the terminal; the technical solution is as follows:
  • A method for authorizing a transition of a terminal state, wherein the server obtains an authentication account and determines whether the authentication account has conversion authority; if so, the server obtains terminal information and data to be authenticated from the terminal; the server encrypts the data to be authenticated with the authentication private key to generate authentication data and sends the authentication data to the terminal; the terminal authenticates the authentication data and, if the authentication passes, converts the terminal state.
  • The terminal state includes a use state and a debug state, and the terminal does not retain applications and keys across the use state and the debug state: when the terminal switches from the use state to the debug state, it clears the keys it held in the use state; when the terminal switches from the debug state to the use state, it clears the applications and keys it held in the debug state.
  • The terminal pops up a prompt that it is in the debug state.
  • The prompt includes the terminal displaying a watermark or popping up an alert box at a preset time interval.
  • The terminal information is a terminal serial number.
  • The data to be authenticated is a combination of a terminal motherboard serial number and a random number.
  • The beneficial effects of the present invention are: when a program developer wants to debug the terminal or some applications, the developer can log in with an authorized account and directly convert the terminal between the use state and the debug state. This is simple and convenient and greatly helps the application developer to debug; because the account must be authenticated by the server before the conversion, it is ensured that the terminal state transition is a legal action approved by the server; and after the developer has finished debugging, the terminal can be returned to the use state in time, so the security of the terminal is also ensured.
  • The inventor also provides a system for authorizing the conversion of the state of the terminal; the technical solution is as follows:
  • A system for authorizing a terminal state conversion, characterized in that an account authentication module is used for the server to obtain an authentication account and determine whether the authentication account has conversion authority and, if so, to obtain terminal information and data to be authenticated from the terminal; an information encryption module is used for the server to encrypt the data to be authenticated with the authentication private key to generate authentication data and send the authentication data to the terminal; and a state conversion module is used for the terminal to authenticate the authentication data and, if the authentication passes, convert the terminal state.
  • The state conversion module is further configured such that the terminal state includes a use state and a debug state, and the terminal does not retain applications and keys across the use state and the debug state: when the terminal switches from the use state to the debug state, it clears the keys it held in the use state; when the terminal switches from the debug state to the use state, it clears the applications and keys it held in the debug state.
  • The terminal pops up a prompt that it is in the debug state.
  • The prompt includes the terminal displaying a watermark or popping up an alert box at a preset time interval.
  • The terminal information is a terminal serial number.
  • The data to be authenticated is a combination of a terminal motherboard serial number and a random number.
  • The beneficial effects of the system are the same as those of the method: a program developer who wants to debug the terminal or some applications can log in with an authorized account and directly convert the terminal between the use state and the debug state, which is simple and convenient and greatly helps debugging; because the account must be authenticated by the server before the conversion, the state transition is a legal action approved by the server; and after debugging the terminal can be returned to the use state in time, so the security of the terminal is also ensured.
  • FIG. 1 is a flowchart of a method for authorizing conversion of a terminal state according to the present invention.
  • FIG. 2 is a block diagram of a system for authorizing a state transition of a terminal according to the present invention.
  • A state transition tool is used to change the state of the terminal.
  • The state transition tool includes a server interaction module and a terminal interaction module. The terminal interaction module runs on the terminal and is mainly used to obtain information from the terminal and send information to the terminal; the server interaction module runs on the server and is mainly used to obtain information from the server and send information to the server.
  • Step S101: log in with the account password. First, the terminal device and the server must be networked. Secondly, in this embodiment a specific APP is installed on the terminal device; in the APP's login interface the application developer inputs the account password to log in to the system, and the server makes a permission judgment on the account password to ensure the legality of the account.
  • Alternatively, the specific URL can be entered directly in the browser, and the application developer is required to input the account password to log in to the system.
  • The server stores all valid account passwords, as well as the permissions corresponding to those accounts.
  • Step S102: the server determines whether the account has the authority to switch the terminal state.
  • The specific steps are as follows: the application developer inputs the account password; the server obtains the account password entered by the developer and determines whether it is stored in the server. If it is, the developer has successfully logged in to the system, and the server further obtains the authority of the account to determine whether the account has permission to switch the terminal state. Authenticating the account password and its authority through the server ensures the legality of the subsequent state transition.
  • The server then obtains the terminal information and the data to be authenticated from the terminal: if the server determines that the account has the right to switch the terminal state, the terminal interaction module acquires the terminal information and the data to be authenticated from the terminal.
  • The terminal information refers to the terminal serial number, and the data to be authenticated is the motherboard serial number and a random number; the motherboard serial number of each terminal is unique.
  • In this embodiment the random number is 16 bytes long. In other embodiments the random number can be letters or characters of another length.
  • The server interaction module sends the data to the server. Using a combination of the motherboard serial number, which uniquely identifies the terminal, and the random number ensures the uniqueness of the data to be authenticated.
  • Step S104: the server authenticates the terminal information and generates authentication data.
  • The server determines the legality of the terminal information; after determining that it is legal, the server encrypts the data to be authenticated with the authentication private key, generates the authentication data, and sends the authentication data to the server interaction module.
  • When the server judges the terminal information, it may not only judge its legitimacy but also, according to the terminal information, encrypt the data to be authenticated with the private key corresponding to that terminal.
  • Alternatively, the public key used by every terminal may be the same, for convenience and versatility; the server then only needs to judge the legitimacy of the terminal information and encrypts the data to be authenticated with the universal private key.
  • Step S105: the server sends the generated authentication data to the terminal, and the terminal interaction module forwards the authentication data to the terminal.
  • Step S106: the terminal authenticates the authentication data.
  • Authentication on the terminal side means that the terminal obtains the plaintext by decrypting the received authentication data and compares the plaintext with its own data to be authenticated; if they are the same, the server passes the terminal's authentication.
  • Once the terminal's authentication passes, the account recognized by the server may convert the state of the terminal.
  • The specific authentication step is as follows: the terminal decrypts the authentication data with the public key. Because the server encrypted the authentication data with the private key corresponding to the terminal, the terminal can decrypt it successfully; after decryption succeeds, the terminal determines whether the decrypted data is its own data to be authenticated, and if so the authentication is passed.
  • Step S107: the terminal switches state. The terminal interaction module sends the state to be converted to the terminal, and the terminal switches to the corresponding state.
  • Because the target state is delivered to the terminal through the terminal interaction module, the whole process is transparent to the application developer and the conversion completes automatically, which greatly improves the speed of the state transition and is convenient for the application developer.
  • When the terminal switches from the debug state to the use state, the applications and keys on the device are all cleared; similarly, when the terminal switches from the use state to the debug state, its keys are also cleared completely.
  • When the terminal transitions from the use state to the debug state, security is ensured by preventing the user from entering a personal PIN on it:
  • the interface of the debug state is clearly different from that of the use state;
  • a warning box or a watermark pops up every few seconds to remind the user that the terminal is in the debug state, so that the user does not enter a personal PIN on the terminal.
  • A scheme for a system for authorizing the conversion of a terminal state is as follows:
  • The system 20 includes a server 201 and a terminal 202; the server 201 includes an account authentication module 2010 and an information encryption module 2011, and the terminal 202 includes a state conversion module 2020, wherein:
  • The application developer logs in to the system with the account password, and the server makes a judgment on the account password to ensure the legality of the account.
  • Alternatively, the specific URL can be entered directly in the browser, and the application developer is required to input the account password to log in to the system.
  • The server stores all legal account passwords together with the rights corresponding to those accounts.
  • The application developer inputs the account password; the server obtains the account password entered by the developer and determines whether it is stored in the server.
  • If it is, the developer has successfully logged in to the system, and the server further obtains the authority of the account to determine whether the account has permission to switch the terminal state.
  • The server's authentication of the account password and its authority ensures the legality of the subsequent conversion.
  • If the account has that permission, the terminal interaction module obtains the terminal information and the data to be authenticated from the terminal, where the terminal information refers to the terminal serial number and the data to be authenticated is the motherboard serial number and a random number; the motherboard serial number of each terminal is unique.
  • In this embodiment the random number is a 16-byte random number; in other embodiments the random number may be letters or characters of another length.
  • The server interaction module sends the data to the server.
  • Using a combination of the motherboard serial number, which uniquely identifies the terminal, and the random number ensures the uniqueness of the data to be authenticated.
  • The server authenticates the terminal information and generates authentication data. After obtaining the terminal information, the server determines its legality; once it is determined to be legal, the server encrypts the data to be authenticated with the authentication private key to generate the authentication data and sends the authentication data to the server interaction module. Encrypting with the private key ensures that the generated authentication data cannot be intercepted by other illegal persons during transmission and used to impersonate a legitimate server to deceive the terminal, which would cause security problems.
  • When the server judges the terminal information, it may not only judge its legitimacy but also, according to the terminal information, encrypt the data to be authenticated with the private key corresponding to that terminal.
  • Alternatively, the public key used by every terminal may be the same, for convenience and versatility; the server then only needs to judge the legitimacy of the terminal information and encrypts the data to be authenticated with the universal private key.
  • The server sends the generated authentication data to the terminal; the terminal interaction module forwards the authentication data to the terminal.
  • The terminal then authenticates the authentication data.
  • Authentication on the terminal side means that the terminal decrypts the received authentication data to obtain the plaintext; if the plaintext is the same as its data to be authenticated, the server passes the terminal's authentication.
  • Once the terminal's authentication passes, the account recognized by the server may convert the state of the terminal.
  • The specific authentication is as follows: the terminal decrypts the authentication data with the public key. Because the server encrypted the authentication data with the private key corresponding to the terminal, the terminal can decrypt it successfully; after decryption succeeds, the terminal determines whether the decrypted data is its own data to be authenticated, and if so the authentication is passed.
  • The terminal can then be switched: the terminal interaction module sends the state to be converted to the terminal, and the terminal switches to the corresponding state.
  • The whole process is transparent to the application developer, and the conversion completes automatically, which greatly improves the speed of state conversion and is convenient for the application developer.
  • When the terminal switches from the debug state to the use state, the applications and keys on the device are all cleared; similarly, when the terminal switches from the use state to the debug state, its keys are also cleared completely.
  • When the terminal transitions from the use state to the debug state, security is ensured by preventing the user from entering a personal PIN on it:
  • the interface of the debug state is clearly different from that of the use state;
  • a warning box or a watermark pops up every few seconds to remind the user that the terminal is in the debug state, so that the user does not enter a personal PIN on the terminal.
  • The computer device includes, but is not limited to, a personal computer, a server, a general-purpose computer, a special-purpose computer, a network device, an embedded device, a programmable device, a smart mobile terminal, a smart home device, a wearable smart device, a vehicle smart device, and the like.
  • The storage medium includes, but is not limited to, a RAM, a ROM, a magnetic disk, a magnetic tape, an optical disk, a flash memory, a USB flash drive, a mobile hard disk, a memory card, a memory stick, network server storage, network cloud storage, and the like.
  • The computer program instructions can also be stored in a computer-device-readable memory that can direct the computer device to operate in a particular manner, such that the instructions stored in that memory produce an article of manufacture comprising an instruction device, the instruction device implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer device so that a series of operational steps is performed on the computer device to produce computer-implemented processing, such that the instructions executed on the computer device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
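The exchange of steps S101 to S107 (account login and authority check, terminal challenge, server-side processing with the authentication private key, terminal-side check, state switch with clearing of keys and applications), which the method embodiment and the module-based system embodiment above both describe, as an added Go example that is not code from the patent or its assignee. The patent's "encrypt with the authentication private key / decrypt with the public key" is rendered here as an Ed25519 signature over the data to be authenticated, which is what that construction amounts to; the account names, passwords, serial numbers, the single-use handling of the challenge and the use of one universal key pair for all terminals are constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

const StateUse, StateDebug = "use", "debug"

type Account struct {
	Password   string // constructed sample; a real server would store a password hash
	CanConvert bool   // the "conversion authority" the server checks before anything else
}

type Server struct {
	accounts  map[string]Account
	terminals map[string]bool // terminal serial numbers the server regards as legal
	priv      ed25519.PrivateKey
}

type Terminal struct {
	serial, boardSerial string
	pub                 ed25519.PublicKey
	State               string
	Apps, Keys          []string
	pending             []byte // data to be authenticated for the open request; nil if none
}

// Challenge returns the terminal serial number and the data to be authenticated: motherboard serial number plus a fresh 16-byte random number.
func (t *Terminal) Challenge() (string, []byte) {
	nonce := make([]byte, 16)
	rand.Read(nonce) // crypto/rand.Read never returns an error as of Go 1.24
	t.pending = append([]byte(t.boardSerial), nonce...)
	return t.serial, t.pending
}

// Authorize (steps S101-S104): login, conversion authority, terminal legality, then sign the data to be authenticated.
func (s *Server) Authorize(user, pass, serial string, toAuth []byte) ([]byte, error) {
	acct, ok := s.accounts[user]
	if !ok || acct.Password != pass {
		return nil, errors.New("login failed")
	}
	if !acct.CanConvert {
		return nil, errors.New("account has no state conversion authority")
	}
	if !s.terminals[serial] {
		return nil, errors.New("terminal serial number not recognised")
	}
	return ed25519.Sign(s.priv, toAuth), nil
}

// Convert (steps S106-S107): verify against the open challenge, consume it, switch state and clear what the new state requires.
func (t *Terminal) Convert(authData []byte, target string) error {
	if t.pending == nil || !ed25519.Verify(t.pub, t.pending, authData) {
		return errors.New("authentication failed")
	}
	t.pending = nil // single use: the same authentication data cannot be replayed
	switch target {
	case StateDebug: // use -> debug clears the terminal's keys
		t.Keys = nil
	case StateUse: // debug -> use clears applications and keys
		t.Apps, t.Keys = nil, nil
	default:
		return errors.New("unknown target state")
	}
	t.State = target
	return nil
}

// NewDemo builds a server/terminal pair from constructed sample accounts and serial numbers.
func NewDemo() (*Server, *Terminal) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	accounts := map[string]Account{
		"developer": {Password: "dev-pass", CanConvert: true},
		"viewer":    {Password: "view-pass", CanConvert: false},
	}
	srv := &Server{accounts: accounts, terminals: map[string]bool{"TERM-0001": true}, priv: priv}
	term := &Terminal{serial: "TERM-0001", boardSerial: "MB-7F3A", pub: pub,
		State: StateUse, Apps: []string{"payment"}, Keys: []string{"pin-key"}}
	return srv, term
}
```

Because the terminal only accepts authentication data for the challenge it currently holds, a captured response is useless once the random number has changed, which is the property the 16-byte random number in the data to be authenticated provides.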

Landscapes

  • Engineering & Computer Science
  • Computer Security & Cryptography
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Computer Hardware Design
  • Computing Systems
  • General Engineering & Computer Science
  • Power Engineering
  • Storage Device Security
  • Computer And Data Communications
  • Management, Administration, Business Operations System, And Electronic Commerce

Abstract

The present invention relates to the technical field of communications. The invention concerns a method and a system for authorizing the conversion of a terminal state. The method for authorizing the conversion of a terminal state comprises the following main steps: a server obtains an authentication account and determines whether the authentication account has conversion authority; if so, the server obtains terminal information and data to be authenticated from a terminal; the server encrypts the data to be authenticated using an authentication private key so as to generate authentication data, and sends the authentication data to the terminal; and the terminal authenticates the authentication data and converts a terminal state if the authentication succeeds. An application developer can log in using an authorized account and directly convert a terminal between a use state and a debug state. The method and system are simple and practical, and assist the developer in the task of debugging.
PCT/CN2017/096834 2016-08-18 2017-08-10 Method and system for authorizing the conversion of a terminal state WO2018033016A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610683354.XA CN106330877B (zh) 2016-08-18 2016-08-18 Method and system for authorizing conversion of a terminal state
CN201610683354.X 2016-08-18

Publications (1)

Publication Number Publication Date
WO2018033016A1 true WO2018033016A1 (fr) 2018-02-22

Family

ID=57743156

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/096834 WO2018033016A1 (fr) 2016-08-18 2017-08-10 Method and system for authorizing the conversion of a terminal state

Country Status (2)

Country Link
CN (1) CN106330877B (fr)
WO (1) WO2018033016A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330877B (zh) * 2016-08-18 2019-07-05 福建联迪商用设备有限公司 Method and system for authorizing conversion of a terminal state
CN109885374B (zh) * 2019-02-28 2022-06-03 北京小米移动软件有限公司 Interface display processing method, apparatus, mobile terminal and storage medium
TWI818221B (zh) * 2020-12-31 2023-10-11 新唐科技股份有限公司 Chip and method for authenticating an external chip debug function firmware program and the debug user

Citations (5)

Publication number Priority date Publication date Assignee Title
CN103581201A (zh) * 2013-11-15 2014-02-12 华为技术有限公司 Authentication and authorization method and apparatus
CN105095970A (zh) * 2014-04-25 2015-11-25 阿里巴巴集团控股有限公司 Execution method and system for third-party applications
CN105471847A (zh) * 2015-11-16 2016-04-06 浙江宇视科技有限公司 User information management method and apparatus
CN106330877A (zh) * 2016-08-18 2017-01-11 福建联迪商用设备有限公司 Method and system for authorizing conversion of a terminal state
CN106713321A (zh) * 2016-12-26 2017-05-24 中国银联股份有限公司 Permission management method and apparatus for the debug function of a point-of-sale terminal

Family Cites Families (6)

Publication number Priority date Publication date Assignee Title
CN102621949B (zh) * 2012-03-09 2014-03-19 电信科学技术研究院 Remote monitoring apparatus and method
CN103856562B (zh) * 2014-02-26 2019-04-30 福建星网视易信息系统有限公司 Terminal state caching method and apparatus under the HTTP protocol
CN105142139B (zh) * 2014-05-30 2019-02-12 北京奇虎科技有限公司 Method and apparatus for obtaining verification information
CN105117665B (zh) * 2015-07-16 2017-10-31 福建联迪商用设备有限公司 Method and system for securely switching a terminal between product mode and development mode
CN105120066B (zh) * 2015-07-16 2017-12-08 福建联迪商用设备有限公司 Method and system for securely switching a terminal between product mode and development mode
CN105721426B (zh) * 2016-01-05 2019-03-05 向三名 Access authorization method for a terminal device, server, target terminal device and system

Also Published As

Publication number Publication date
CN106330877A (zh) 2017-01-11
CN106330877B (zh) 2019-07-05

Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application Ref document number: 17840990; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase Ref country code: DE
122 Ep: pct application non-entry in european phase Ref document number: 17840990; Country of ref document: EP; Kind code of ref document: A1