CN107248910A - Method for security protection and equipment - Google Patents

Publication number
CN107248910A
Authority
CN
China
Prior art keywords
computing device
server
random number
terminal device
module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201710390447.8A
Other languages
Chinese (zh)
Inventor
黄儒鸿
熊林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Jinli Communication Equipment Co Ltd
Original Assignee
Shenzhen Jinli Communication Equipment Co Ltd
Application filed by Shenzhen Jinli Communication Equipment Co Ltd
Priority to CN201710390447.8A
Publication of CN107248910A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the present application provide a method and a device for security protection. The system involves a terminal device, a computing device and a server, where the computing device is connected to the terminal device and to the server respectively. The method includes: the terminal device generates a first random number and sends it to the computing device, which forwards it to the server; the terminal device receives signed data returned by the computing device, the signed data having been sent to the computing device by the server; the terminal device takes a public key and the signed data as the input of a decryption algorithm and computes a second random number, the public key being preset in the terminal device; the terminal device determines whether the second random number is identical to the first random number; and, on condition that the second random number and the first random number are identical, the terminal device allows the computing device to invoke a debugging tool to debug the terminal device. The method prevents the debugging tool from being used without authorization and safeguards the terminal device.

Description

Method for security protection and equipment
Technical field
The present invention relates to the field of communications, and in particular to a method and a device for security protection.
Background
During the development of a terminal device, many engineers often need to work on the device at the same time, and each engineer may need to use various debugging tools to debug it. These debugging tools, however, usually have special privileges and can perform all kinds of operations on the terminal device, including operations that threaten its security. It is therefore necessary to ensure that the debugging tools cannot be used by outside personnel; otherwise the security of the terminal device is threatened.
To prevent unauthorized use, in the prior art these debugging tools are usually managed by designated technical staff. When other engineers need to use a debugging tool, they must seek out these designated staff for help before they can debug the terminal device. As a result, development of the terminal device progresses very slowly.
Summary of the invention
The embodiments of the present application provide a method and a device for security protection that prevent the debugging tool from being used without authorization and safeguard the terminal device.
In a first aspect, a security protection method is provided, involving a terminal device, a computing device and a server, where the computing device is connected to the terminal device and to the server respectively:
The terminal device generates a first random number and sends it to the computing device, so that the computing device sends it to the server;
The terminal device receives signed data returned by the computing device, where the signed data was sent to the computing device by the server;
The terminal device takes a public key and the signed data as the input of a decryption algorithm and computes a second random number, where the public key is preset in the terminal device;
The terminal device determines whether the second random number is identical to the first random number;
On condition that the second random number and the first random number are identical, the terminal device allows the computing device to invoke a debugging tool to debug the terminal device.
In a second aspect, a security protection method is provided, involving a terminal device, a computing device and a server, where the computing device is connected to the terminal device and to the server respectively:
The server receives a first random number sent by the computing device, where the first random number was generated by the terminal device and sent to the computing device;
The server encrypts the first random number using a private key and thereby computes signed data;
The server sends the signed data to the computing device, so that the computing device sends the signed data to the terminal device.
In a third aspect, a security protection apparatus is provided, involving a terminal device, a computing device and a server, where the computing device is connected to the terminal device and to the server respectively, and the terminal device includes a generation module, a receiving module, a computing module, a judging module and a permission module:
The generation module is used to generate a first random number and send it to the computing device, so that the computing device sends it to the server;
The receiving module is used to receive signed data returned by the computing device, where the signed data was sent to the computing device by the server;
The computing module is used to take a public key and the signed data as the input of a decryption algorithm and compute a second random number, where the public key is preset in the terminal device;
The judging module is used to determine whether the second random number is identical to the first random number;
The permission module is used to allow the computing device to invoke a debugging tool to debug the terminal device, on condition that the second random number and the first random number are identical.
In a fourth aspect, a server is provided, the server including a determining module, a receiving module, a computing module and a sending module:
The determining module is used to determine that the computing device is a legitimate device;
The receiving module is used to receive, on condition that the computing device is determined to be a legitimate device, a first random number sent by the computing device, where the first random number was generated by the terminal device and sent to the computing device;
The computing module is used to sign the first random number using a private key and thereby compute signed data;
The sending module is used to send the signed data to the computing device, so that the computing device sends the signed data to the terminal device.
In a fifth aspect, a terminal device is provided, including: a memory for storing a program; and a processor for executing the program stored in the memory, where, when the program is executed, the processor performs the method of the first aspect.
In a sixth aspect, a server is provided, including: a memory for storing a program; and a processor for executing the program stored in the memory, where, when the program is executed, the processor performs the method of the second aspect.
In a seventh aspect, a computer-readable storage medium is provided, including instructions that, when run on a computer, cause the computer to perform the method of the first aspect or the second aspect.
In the above method, when the computing device needs to invoke the debugging tool that debugs the terminal device, the terminal device sends a first random number to the computing device, and the computing device sends the first random number to the server. If the server determines that the computing device is legitimate, the server signs the first random number with the private key to obtain signed data and returns the signed data to the computing device. The computing device returns the signed data to the terminal device, and the terminal device decrypts the signed data with the public key to obtain a second random number. The terminal device compares the second random number with the first random number and, when the comparison shows that the first random number equals the second random number, allows the computing device to invoke the debugging tool to debug the terminal device.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the background more clearly, the drawings used in the embodiments or the background are described below.
Fig. 1 is a schematic structural diagram of a network architecture provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a security protection method provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram in which the server and the computing device provided by an embodiment of the present invention are both located in the internal network;
Fig. 4 is a schematic diagram in which the server provided by an embodiment of the present invention is located in the internal network and the computing device is located in the external network;
Fig. 5 is a schematic structural diagram of a terminal device provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a server provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of another terminal device provided by an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of another server provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are evidently only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative work fall within the scope of protection of the invention.
It should be understood that, when used in this specification and the appended claims, the terms "comprising" and "including" indicate the presence of the described features, wholes, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, wholes, steps, operations, elements, components and/or sets thereof.
It should also be understood that the terms used in this description are for the purpose of describing specific embodiments only and are not intended to limit the invention. As used in the description and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms unless the context clearly indicates otherwise.
For ease of understanding, the network architecture involved in the embodiments of the present application is introduced first. As shown in Fig. 1, the network architecture of the embodiments involves a terminal device, a computing device and a server.
In the embodiments of the present application, the terminal device is the object of debugging. The terminal device may be a logical entity, and may specifically be any one of a user equipment (User Equipment), a communication device (Communication Device) or an Internet of Things (IoT) device. The user equipment may be a smartphone, a smart watch, a smart tablet, and so on. The communication device may be a server, a gateway (GW), a base station, a controller, and so on. The Internet of Things device may be a sensor, an electricity meter, a water meter, and so on. The terminal device may also be referred to as a system, subscriber unit, subscriber station, mobile station, mobile, remote station, remote terminal, mobile device, user terminal, terminal, wireless communication device, user agent, user apparatus or UE (User Equipment). The terminal device may be a cellular phone, a cordless phone, a SIP (Session Initiation Protocol) phone, a WLL (Wireless Local Loop) station, a PDA (Personal Digital Assistant), a handheld device with wireless communication capability, a computing device, or another processing device connected to a wireless modem.
In the embodiments of the present application, the computing device is the party that performs the debugging; an engineer uses the computing device to debug the terminal device. The computing device may be a common development tool such as a tablet computer, notebook computer or desktop computer, or another dedicated development tool; the application places no specific limit on this.
In the embodiments of the present application, the server is a device that provides services to the computing device. The server includes, but is not limited to, an application server, print server, Web server, FTP server, e-commerce server, database server, real-time communication server, file server, mail server, and so on. The server is usually located in an internal network, and the computing device may be located in the internal network or in an external network. Here the internal network may refer to the network inside one organization (for example, a company); it may be a single LAN within that organization or different LANs within the same organization.
To solve the above problems, the embodiments of the present invention provide a method and a device for security protection that prevent the debugging tool from being used without authorization and safeguard the terminal device. They are described in detail below.
Referring to Fig. 2, an embodiment of the present application provides a security protection method. As shown in Fig. 2, the security protection method of the embodiment includes:
101: The computing device sends a first request to the terminal device, where the first request asks to debug the terminal device using a debugging tool. Correspondingly, the terminal device receives the first request sent by the computing device.
In the embodiments of the present invention, the debugging tool is used to test the terminal device for existing problems, so as to find and locate the point of failure. The debugging tool may be a general-purpose debugging tool or a dedicated debugging tool developed by the organization itself; the invention places no specific limit on this. The debugging tool may be used to debug the software of the terminal device, the hardware of the terminal device, or both at the same time.
102: The terminal device generates a first random number.
In the embodiments of the present invention, the first random number may be a true random number or a pseudo-random number. When the first random number is a true random number, it may be generated by a true random number generator, which samples a noise signal to obtain a true random number. When the first random number is a pseudo-random number, it may be generated by a pseudo-random number generator, which produces pseudo-random numbers by means of a random function.
103: The terminal device sends the first random number to the computing device. Correspondingly, the computing device receives the first random number sent by the terminal device.
104: The computing device sends the first random number to the server. Correspondingly, the server receives the first random number sent by the computing device.
105: The server determines that the computing device is a legitimate device. If it is a legitimate device, the method proceeds to step 106.
In the embodiments of the present invention, the ways in which the server determines that the computing device is a legitimate device include at least the following two:
In a first possible implementation, when an engineer uses the computing device to debug the terminal device inside the company, the computing device and the server are both located in the internal network. For example, as shown in Fig. 3, computing device 4 can reach the server directly through a switch, without being forwarded by a router, so computing device 4 and the server can both be considered to be in the internal network. The server obtains the address of the computing device and determines from that address that the computing device is a device in the same internal network, thereby determining that the computing device is a legitimate device. The address may be an IP address, a MAC address, and so on.
In a second possible implementation, when an engineer is sent to an external site and has to debug the terminal device with a notebook computer taken off the premises, the server is located in the internal network and the computing device is located in the external network. For example, as shown in Fig. 4, computing device 4 has to reach the server inside the company through a router, so computing device 4 can be considered to be in the external network while the server is in the internal network.
When the server is located in the internal network and the computing device is located in the external network, the server receives certificate data sent by the computing device, verifies the certificate data and, on condition that the verification of the certificate data passes, determines that the computing device is a legitimate device. For example, the computing device computes a first digest value of the plaintext to be sent using a hash algorithm, and then signs the first digest value using a second private key to obtain second signed data. The computing device then sends the second signed data to the server. After receiving the second signed data, the server uses the corresponding public key to compute over the plaintext and obtain a second digest value. The server compares the first digest value with the second digest value; if the two are equal, it determines that the verification of the computing device has passed.
106: The server signs the first random number using a first private key and thereby computes first signed data.
In the embodiments of the present invention, the server computes a third digest value from the first random number using a hash algorithm, and then signs the third digest value using the first private key to obtain the first signed data.
In the embodiments of the present invention, the algorithms with which the server signs the first random number using the private key include, but are not limited to, common digital signature algorithms such as RSA, ElGamal, Fiat-Shamir, Guillou-Quisquater, Schnorr and Ong-Schnorr-Shamir digital signature algorithms, DES/DSA, elliptic curve digital signature algorithms and finite automaton digital signature algorithms.
107: The server sends the first signed data to the computing device. Correspondingly, the computing device receives the first signed data sent by the server.
108: The computing device sends the first signed data to the terminal device. Correspondingly, the terminal device receives the first signed data sent by the computing device.
109: The terminal device takes the public key and the first signed data as the input of a decryption algorithm and computes a second random number, where the public key is preset in the terminal device.
In the embodiments of the present invention, after the terminal device receives the first signed data, it computes a fourth digest value for the first random number using the public key. The server compares the third digest value with the fourth digest value; if the two are equal, it determines that the computing device has passed the server's authentication.
In the embodiments of the present invention, the decryption algorithm includes, but is not limited to, common digital signature algorithms such as RSA, ElGamal, Fiat-Shamir, Guillou-Quisquater, Schnorr and Ong-Schnorr-Shamir digital signature algorithms, DES/DSA, elliptic curve digital signature algorithms and finite automaton digital signature algorithms.
110: The terminal device determines whether the second random number is identical to the first random number. If the second random number is identical to the first random number, the method proceeds to step 111.
111: The terminal device allows the computing device to invoke the debugging tool to debug the terminal device.
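The exchange in steps 101 to 111, with the address-based legitimacy check of step 105, as an added example that is not part of the patent text. The class and function names, the 10.20.0.0/16 internal range and the toy unpadded RSA key are assumptions constructed here so the block runs on the standard library; a real deployment would use a vetted signature scheme with a full-size key.

```python
import hmac
import ipaddress
import secrets

# Constructed toy RSA key for this example only (two Mersenne primes, no
# padding). It keeps the block on the standard library; it is not secure.
_P, _Q = 2**61 - 1, 2**89 - 1
N = _P * _Q                                  # public modulus, preset in terminal
E = 65537                                    # public exponent, preset in terminal
_D = pow(E, -1, (_P - 1) * (_Q - 1))         # first private key, server only

INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed internal range
NONCE_BITS = 128


class Server:
    """Steps 105-106: check the computing device, then sign the nonce."""

    def __init__(self, d=_D, n=N, internal_net=INTERNAL_NET):
        self._d, self._n, self._net = d, n, internal_net

    def sign_nonce(self, device_addr, nonce):
        # Step 105, first variant: legitimate means "address is internal".
        if ipaddress.ip_address(device_addr) not in self._net:
            return None
        if not 1 < nonce < self._n:
            return None
        # Step 106: private-key operation on the first random number.
        return pow(nonce, self._d, self._n)


class Terminal:
    """Steps 102 and 109-111 on the device under debug."""

    def __init__(self, e=E, n=N):
        self._e, self._n = e, n
        self._pending = None
        self.debug_enabled = False

    def new_challenge(self):
        # Step 102: fresh nonce from the OS CSPRNG. Forcing the top bit keeps
        # it away from 0 and 1, whose unpadded RSA signatures are themselves.
        self._pending = secrets.randbits(NONCE_BITS) | (1 << (NONCE_BITS - 1))
        self.debug_enabled = False
        return self._pending

    def verify(self, signature):
        # Each challenge is consumed once, so an old signature cannot be reused.
        nonce, self._pending = self._pending, None
        self.debug_enabled = False
        if nonce is None or not isinstance(signature, int):
            return False
        if not 1 < signature < self._n:
            return False
        # Step 109: public-key operation yields the "second random number".
        second = pow(signature, self._e, self._n)
        # Step 110: compare with the first random number in constant time.
        size = (self._n.bit_length() + 7) // 8
        same = hmac.compare_digest(second.to_bytes(size, "big"),
                                   nonce.to_bytes(size, "big"))
        self.debug_enabled = same            # step 111
        return same


def request_debug(terminal, server, device_addr):
    """Computing device: relays steps 101, 103-104 and 107-108."""
    nonce = terminal.new_challenge()
    signature = server.sign_nonce(device_addr, nonce)
    if signature is None:
        return False
    return terminal.verify(signature)


def run_demo():
    server, terminal = Server(), Terminal()
    granted = request_debug(terminal, server, "10.20.3.7")      # internal host
    refused = request_debug(terminal, server, "203.0.113.9")    # external host
    # Replay: a signature issued for one challenge is offered for the next.
    old_sig = server.sign_nonce("10.20.3.7", terminal.new_challenge())
    terminal.new_challenge()
    replayed = terminal.verify(old_sig)
    return granted, refused, replayed


if __name__ == "__main__":
    print(run_demo())
```

The terminal's decision rests only on the preset public key and on the freshness of its own nonce; the computing device is an untrusted relay in both directions.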
Referring to Fig. 5, Fig. 5 is a schematic structural diagram of a terminal device provided by an embodiment of the present invention. As shown in Fig. 5, the terminal device of the embodiment may include: a baseband chip 210, a memory 215 (one or more computer-readable storage media), a radio frequency (RF) module 216 and a peripheral system 217. These components may communicate over one or more communication buses 214.
The peripheral system 217 mainly implements the interaction between terminal 210 and the user or external environment, and mainly includes the input/output devices of the terminal. In a specific implementation, the peripheral system 217 may include a touch screen controller 218, a camera controller 219, an audio controller 220 and a sensor management module 221. Each controller may be coupled to its corresponding peripheral device (such as touch screen 223, camera 224, audio circuit 225 and sensor 226). In some embodiments, touch screen 223 may be a touch screen configured with a self-capacitance floating touch panel, or a touch screen configured with an infrared floating touch panel. In some embodiments, camera 124 may be a 3D camera. It should be noted that the peripheral system 217 may also include other I/O peripherals.
The baseband chip 210 may integrate: one or more processors 211, a clock module 212 and a power management module 213. The clock module 212 integrated in the baseband chip 210 mainly generates the clocks that processor 211 needs for data transfer and timing control. The power management module 213 integrated in the baseband chip 210 mainly provides a stable, high-precision voltage for processor 211, the radio frequency module 216 and the peripheral system.
The radio frequency (RF) module 216 receives and sends radio frequency signals, and mainly integrates the receiver and transmitter of the terminal. The RF module 216 communicates with communication networks and other communication devices by radio frequency signals. In a specific implementation, the RF module 216 may include, but is not limited to: an antenna system, an RF transceiver, one or more amplifiers, a tuner, one or more oscillators, a digital signal processor, a CODEC chip, a SIM card, a storage medium, and so on. In some embodiments, the RF module 216 may be implemented on a separate chip.
The memory 215 is coupled to processor 111 and stores various software programs and/or sets of instructions. In a specific implementation, the memory 215 may include high-speed random access memory, and may also include non-volatile memory, such as one or more disk storage devices, flash memory devices or other non-volatile solid-state storage devices. The memory 215 may store an operating system (hereinafter "the system"), for example an embedded operating system such as ANDROID, IOS, WINDOWS or LINUX. Memory 115 may also store a network communication program, which can be used to communicate with one or more additional devices, one or more terminal devices and one or more network devices. The memory 215 may also store a user interface program, which can present the content of an application vividly through a graphical operation interface and receive the user's control operations on the application through input controls such as menus, dialog boxes and buttons.
The memory 215 may also store one or more application programs. As shown in Fig. 5, these application programs may include: social applications (such as Facebook), image management applications (such as a photo album), map applications (such as Google Maps), browsers (such as Safari and Google Chrome), and so on.
It should be understood that the terminal is only one example provided by the embodiments of the present invention; the terminal may have more or fewer components than shown, may combine two or more components, or may be implemented with a different configuration of components.
The terminal device in Fig. 5 can perform the specific steps of the terminal device in the security protection method shown in Fig. 2; for details refer to Fig. 2 and the related embodiments, which are not described again here.
Referring to Fig. 6, Fig. 6 is a schematic structural diagram of a server provided by an embodiment of the present invention. As shown in Fig. 6, the server of the embodiment may include: a transmitter 303, a receiver 304, a memory 302 and a processor 301 coupled to the memory 302 (there may be one or more processors 301; Fig. 6 takes one processor as an example). The transmitter 303, receiver 304, memory 302 and processor 301 may be connected by a bus or in other ways (Fig. 6 takes connection by a bus as an example). The transmitter 303 sends data to the outside, and the receiver 304 receives data from the outside. The memory 302 stores program code, and the processor 301 calls and runs the program code stored in the memory 302.
The server in Fig. 6 can perform the specific steps of the server in the security protection method shown in Fig. 2; for details refer to Fig. 6 and the related embodiments, which are not described again here.
Refering to Fig. 7, Fig. 7 is a kind of structural representation of terminal device provided in an embodiment of the present invention.As shown in fig. 7, eventually End equipment includes:Generation module 701, receiving module 702, computing module 703, judge module 704 and permission module 705.
The generation module 701 is used to generate the first random number, and is sent to the computing device, to be calculated by described Equipment is sent to the server;
The receiving module 702 is used to receive the signed data that the computing device is returned, wherein, the signed data is The server is sent to the computing device;
The computing module 703 be used for using public key and the signed data as decipherment algorithm input, so as to calculate The second random number is obtained, wherein, the public key is set in advance in the terminal device;
The judge module 704 is used to judge whether second random number is identical with first random number;
The permission module 705 is used in second random number and first random number under the same conditions, it is allowed to The computing device calls debugging acid to debug the terminal device.
Explanation is needed, by the detailed description of the embodiment of earlier figures 2, those skilled in the art are clear that end The implementation method for each functional module that end equipment 70 is included, thus it is succinct for specification, it will not be described in detail herein.
Referring to Fig. 8, Fig. 8 is a schematic structural diagram of a server provided by an embodiment of the present invention. As shown in Fig. 8, the server 80 includes a determining module 801, a receiving module 802, a computing module 803 and a sending module 804.
The determining module 801 is used to determine that the computing device is a legitimate device;
The receiving module 802 is used to receive, on the condition that the computing device is determined to be a legitimate device, the first random number sent by the computing device, wherein the first random number is generated by the terminal device and sent to the computing device;
The computing module 803 is used to encrypt the first random number using a private key, so as to calculate the signed data;
The sending module 804 is used to send the signed data to the computing device, so that the computing device sends the signed data to the terminal device.
It should be noted that, from the detailed description of the embodiment of Fig. 2 above, those skilled in the art can clearly understand how each functional module included in the server 80 is implemented, so for brevity of the specification it is not described in detail here.
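The exchange carried out by the modules of Fig. 7 and Fig. 8, as an added example that is not part of the patent text: the terminal issues a fresh first random number, the computing device only relays, the server answers only a legitimate device, and a replayed or altered response is rejected. The RSA key, the allow-listed address and all class and function names are constructed for illustration.

```python
import hmac
import secrets

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the server
ALLOWED_ADDRESSES = {"10.0.0.5"}       # hypothetical internal-network allow-list


class Server:
    """Determining, receiving, computing and sending modules (801-804)."""

    def sign(self, device_address, first_random):
        # Determining module: only a legitimate computing device is served.
        if device_address not in ALLOWED_ADDRESSES:
            raise PermissionError("computing device is not a legitimate device")
        return pow(first_random, D, N)  # private-key operation -> signed data


class Terminal:
    """Generation, receiving, computing, judging and permission modules (701-705)."""

    def __init__(self, public_key=(N, E)):
        self.public_key = public_key    # preset in the terminal device
        self.pending = None             # outstanding first random number
        self.debug_allowed = False

    def new_challenge(self):
        # Fresh 128-bit value; the forced top bit rules out the trivial inputs 0 and 1.
        self.pending = secrets.randbits(128) | (1 << 127)
        return self.pending

    def receive(self, signed_data):
        expected, self.pending = self.pending, None   # each challenge is single use
        self.debug_allowed = False
        if expected is None:
            return False                # no challenge outstanding: reject
        n, e = self.public_key
        second_random = pow(signed_data, e, n)        # public-key operation
        # Judging module: constant-time comparison of second and first random number.
        self.debug_allowed = hmac.compare_digest(
            second_random.to_bytes(32, "big"), expected.to_bytes(32, "big"))
        return self.debug_allowed


def relay(terminal, server, device_address):
    """Computing device: forwards the challenge up and the signed data back."""
    challenge = terminal.new_challenge()
    try:
        signed = server.sign(device_address, challenge)
    except PermissionError:
        return False                    # terminal never receives signed data
    return terminal.receive(signed)
```

Raw modular exponentiation is used here only to mirror the wording of the description, in which the public-key operation recovers the second random number; a deployment would use a standard padded signature scheme such as RSA-PSS.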
The computer-readable storage medium may be an internal storage unit of the terminal described in any of the foregoing embodiments, for example a hard disk or internal memory of the terminal. The computer-readable storage medium may also be an external storage device of the terminal, for example a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the terminal. Further, the computer-readable storage medium may include both the internal storage unit of the terminal and an external storage device. The computer-readable storage medium is used to store the computer program and the other programs and data required by the terminal. The computer-readable storage medium may also be used to temporarily store data that has been output or is about to be output.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above in general terms according to function. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementation should not be considered to go beyond the scope of the present invention.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the terminal, server and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed terminal, server and method may be implemented in other ways. For example, the device embodiments described above are only schematic. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electrical, mechanical or other form of connection.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solutions of the embodiments of the present invention.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods of the embodiments of the present invention. The foregoing storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The foregoing is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed by the present invention, and these modifications or replacements shall all fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A security protection method, characterized by comprising: a terminal device, a computing device and a server, wherein the computing device is connected to the terminal device and the server respectively,
The terminal device generates a first random number and sends it to the computing device, so that the computing device sends it to the server;
The terminal device receives the signed data returned by the computing device, wherein the signed data is sent to the computing device by the server;
The terminal device takes a public key and the signed data as the input of a decryption algorithm, so as to calculate a second random number, wherein the public key is preset in the terminal device;
The terminal device judges whether the second random number is identical to the first random number;
The terminal device, on the condition that the second random number is identical to the first random number, allows the computing device to call a debugging tool to debug the terminal device.
2. The method according to claim 1, characterized in that the computing device and the server are both located in an internal network.
3. The method according to claim 1, characterized in that the computing device is located in an external network, the server is located in an internal network, and the computing device has passed the identity authentication of the server.
4. A security protection method, characterized by comprising: a terminal device, a computing device and a server, wherein the computing device is connected to the terminal device and the server respectively,
The server determines that the computing device is a legitimate device;
The server, on the condition that the computing device is determined to be a legitimate device, receives the first random number sent by the computing device, wherein the first random number is generated by the terminal device and sent to the computing device;
The server signs the first random number using a private key, so as to calculate the signed data;
The server sends the signed data to the computing device, so that the computing device sends the signed data to the terminal device.
5. The method according to claim 4, characterized in that the computing device and the server are both located in an internal network, and the server determining that the computing device is a legitimate device comprises:
The server obtains the address of the computing device;
The server determines, according to the address of the computing device, that the computing device is a legitimate device.
6. The method according to claim 4, characterized in that the computing device is located in an external network, the server is located in an internal network, and the server determining that the computing device is a legitimate device comprises:
The server receives the certificate data sent by the computing device;
The server verifies the certificate data;
The server, on the condition that the certificate data passes verification, determines that the computing device is a legitimate device.
7. A security protection apparatus, characterized by comprising: a terminal device, a computing device and a server, wherein the computing device is connected to the terminal device and the server respectively, and the terminal device comprises: a generation module, a receiving module, a computing module, a judging module and a permission module,
The generation module is used to generate a first random number and send it to the computing device, so that the computing device sends it to the server;
The receiving module is used to receive the signed data returned by the computing device, wherein the signed data is sent to the computing device by the server;
The computing module is used to take a public key and the signed data as the input of a decryption algorithm, so as to calculate a second random number, wherein the public key is preset in the terminal device;
The judging module is used to judge whether the second random number is identical to the first random number;
The permission module is used to allow the computing device to call a debugging tool to debug the terminal device, on the condition that the second random number is identical to the first random number.
8. A server, characterized in that the server comprises a determining module, a receiving module, a computing module and a sending module,
The determining module is used to determine that the computing device is a legitimate device;
The receiving module is used to receive, on the condition that the computing device is determined to be a legitimate device, the first random number sent by the computing device, wherein the first random number is generated by the terminal device and sent to the computing device;
The computing module is used to encrypt the first random number using a private key, so as to calculate the signed data;
The sending module is used to send the signed data to the computing device, so that the computing device sends the signed data to the terminal device.
9. The server according to claim 8, characterized in that the computing device and the server are both located in an internal network, and the determining module is used to obtain the address of the computing device and to determine, according to the address of the computing device, that the computing device is a legitimate device.
10. The server according to claim 9, characterized in that the server further comprises an authentication module, and the determining module is specifically used to:
Verify the certificate data;
On the condition that the certificate data passes verification, determine that the computing device is a legitimate device.
CN201710390447.8A 2017-05-26 2017-05-26 Method for security protection and equipment Withdrawn CN107248910A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710390447.8A CN107248910A (en) 2017-05-26 2017-05-26 Method for security protection and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710390447.8A CN107248910A (en) 2017-05-26 2017-05-26 Method for security protection and equipment

Publications (1)

Publication Number Publication Date
CN107248910A true CN107248910A (en) 2017-10-13

Family

ID=60017675

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710390447.8A Withdrawn CN107248910A (en) 2017-05-26 2017-05-26 Method for security protection and equipment

Country Status (1)

Country Link
CN (1) CN107248910A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20171013