CN108683508B - Mobile terminal information authentication method based on equipment fingerprint - Google Patents
- Publication number
- CN108683508B
- Authority
- CN
- China
- Prior art keywords
- mobile terminal
- equipment
- information
- authentication
- fingerprint information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention provides a mobile terminal information authentication method based on device fingerprints, comprising the following steps: after the mobile terminal's application is installed and started, the device fingerprint information of the mobile terminal is collected and uploaded to a backend service; the backend service uses the device fingerprint information as the identity public key of an identity-based cryptosystem and generates the corresponding private key; the mobile terminal is added to a trusted access device list; when the mobile terminal needs to log in to the application, it encrypts the authentication data with the device fingerprint information and uploads it to the backend service; the backend service decrypts the uploaded authentication data with the private key to obtain a device authentication code; if, according to the device authentication code, the current mobile terminal is judged not to be in the trusted access device list, a message that the device's fingerprint is invalid is broadcast; if the current mobile terminal is in the trusted access device list, the information authentication passes. The invention can improve the security of mobile terminal information authentication.
Description
Technical Field
The invention relates to the field of mobile communication, in particular to a mobile terminal information authentication method based on equipment fingerprints.
Background
With the wide adoption of mobile terminals, Internet of Things technology is increasingly applied across production, work and daily life. However, a considerable number of mobile terminals currently run general-purpose operating systems based on open source, which have security vulnerabilities and latent risks. Mobile terminals also generally lack comprehensive, professional information security protection in their design, so mobile applications carry many security risks.
Disclosure of Invention
In view of this, an object of the embodiments of the present invention is to provide a mobile terminal information authentication method based on device fingerprints, so as to improve the security of mobile terminal information authentication.
To achieve this object, the embodiments of the invention adopt the following technical solution:
A mobile terminal information authentication method based on device fingerprints comprises the following steps:
after the mobile terminal's application is installed and started, the device fingerprint information of the mobile terminal is collected and uploaded to a backend service over the mobile Internet;
after the backend service has collected the device fingerprint information of the mobile terminal, it uses that information as the identity public key of an identity-based cryptosystem and generates the corresponding private key;
the service platform adds the mobile terminal to a trusted access device list;
when the mobile terminal needs to log in to the application, it encrypts the authentication data with the device fingerprint information and uploads it to the backend service;
the backend service decrypts the authentication data uploaded by the mobile terminal with the private key to obtain a device authentication code;
if, according to the device authentication code, the current mobile terminal is judged not to be in the trusted access device list stored on the backend server, a message that the device's fingerprint is invalid is broadcast; if the current mobile terminal is in the trusted access device list, the information authentication passes.
Further, the device fingerprint information is a unique device identifier that the mobile terminal derives from the random characteristics produced during device manufacturing.
In this method, the device fingerprint information serves as the identity public key of an identity-based cryptosystem, and the corresponding private key is generated from it; the mobile terminal is added to a trusted access device list; when the mobile terminal needs to log in to the application, it encrypts the authentication data with the device fingerprint information and uploads it to the backend service; the backend service decrypts the uploaded authentication data with the private key to obtain a device authentication code; and whether the current mobile terminal is in the trusted access device list is judged from the device authentication code. This avoids the common factory-set fixed password security model of existing mobile terminals and improves the security of mobile terminal information authentication.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
Fig. 1 is a flow chart illustrating a method for authenticating mobile terminal information based on device fingerprint according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the detailed description and specific examples, while indicating the scope of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention.
Fig. 1 shows a flowchart of a mobile terminal information authentication method based on device fingerprints, comprising the steps of:
S1, after the mobile terminal's application is installed and started, the device fingerprint information of the mobile terminal is collected and uploaded to a backend service over the mobile Internet;
S2, after the backend service has collected the device fingerprint information of the mobile terminal, it uses that information as the identity public key of an identity-based cryptosystem and generates the corresponding private key; the private key is stored in the backend service and is not sent to the terminal;
S3, the service platform adds the mobile terminal to a trusted access device list;
S4, when the mobile terminal needs to log in to the application, it encrypts the authentication data with the device fingerprint information and uploads it to the backend service;
S5, the backend service decrypts the authentication data uploaded by the mobile terminal with the private key to obtain a device authentication code;
S6, if, according to the device authentication code, the current mobile terminal is judged not to be in the trusted access device list stored on the backend server, a message that the device's fingerprint is invalid is broadcast; if the current mobile terminal is in the trusted access device list, the information authentication passes.
In this method, the device fingerprint information serves as the identity public key of an identity-based cryptosystem, and the corresponding private key is generated from it; the mobile terminal is added to a trusted access device list; when the mobile terminal needs to log in to the application, it encrypts the authentication data with the device fingerprint information and uploads it to the backend service; the backend service decrypts the uploaded authentication data with the private key to obtain a device authentication code; and whether the current mobile terminal is in the trusted access device list is judged from the device authentication code. This avoids the common factory-set fixed password security model of existing mobile terminals and improves the security of mobile terminal information authentication.
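An added sketch of steps S1 to S6, not code from the patent: the page names no concrete identity-based scheme, so Cocks' quadratic-residue identity-based encryption stands in for it, over a toy modulus. The 32-bit authentication code, its derivation from the fingerprint and all function names are assumptions.

```python
import hashlib
import itertools
import secrets

# Toy key-generator modulus from two Mersenne primes (both 3 mod 4); not secure.
P, Q = 2**127 - 1, 2**89 - 1
N, CODE_BITS = P * Q, 32  # CODE_BITS: assumed size of the authentication code

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd positive n."""
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def identity_key(fingerprint):
    """Map the fingerprint to its identity public key a with (a/N) = +1."""
    for ctr in itertools.count():
        h = hashlib.sha256(fingerprint + ctr.to_bytes(4, "big")).digest()
        a = int.from_bytes(h, "big") % N
        if jacobi(a, N) == 1:
            return a

def auth_code(fingerprint):
    """Assumed derivation of the device authentication code."""
    return int.from_bytes(hashlib.sha256(b"code" + fingerprint).digest()[:4], "big")

def encrypt_code(fingerprint, code):
    """S4: the terminal encrypts bit by bit, using only the fingerprint."""
    a, out = identity_key(fingerprint), []
    for i in range(CODE_BITS):
        m, pair = (1 if (code >> i) & 1 else -1), []
        for sign in (1, -1):  # sender cannot know whether r*r is +a or -a
            t = secrets.randbelow(N - 2) + 2
            while jacobi(t, N) != m:
                t = secrets.randbelow(N - 2) + 2
            pair.append((t + sign * a * pow(t, -1, N)) % N)
        out.append(pair)
    return out

def decrypt_code(a, r, ciphertext):
    """S5: recover the code with the private key r held by the backend."""
    idx = 0 if r * r % N == a else 1
    return sum(1 << i for i, c in enumerate(ciphertext)
               if jacobi(c[idx] + 2 * r, N) == 1)

def enroll(trusted, fingerprint):
    """S1-S3: derive r (needs P, Q; r*r = +a or -a mod N) and list the terminal."""
    a = identity_key(fingerprint)
    trusted[auth_code(fingerprint)] = (a, pow(a, (N + 5 - P - Q) // 8, N))

def login(trusted, ciphertext):
    """S5-S6: True = authentication passes, False = fingerprint invalid."""
    return any(decrypt_code(a, r, ciphertext) == code
               for code, (a, r) in trusted.items())
```

Call `enroll(trusted, fp)` with an empty dict and a constructed fingerprint byte string, then `login(trusted, encrypt_code(fp, auth_code(fp)))`. Because the fingerprint acts as a public key, the ciphertext proves nothing by itself; the S6 decision rests on the decrypted code matching a trusted-list entry.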
The device fingerprint information is a unique device identifier that the mobile terminal derives from the random characteristics produced during device manufacturing. Electronic circuits have some random characteristics at the physical manufacturing level. For example, when photosensitive devices from one batch made under the same manufacturing process shoot the same content, the picture data output by different devices differs slightly, and a rough device fingerprint can be obtained by comparative analysis of that picture data. As another example, the random characteristics produced by the DRAM manufacturing process can be used as the device fingerprint.
Any combination of the various embodiments of the present invention should likewise be regarded as disclosed by the present invention, provided it does not depart from the inventive concept; within the scope of the technical idea of the invention, simple modifications of the technical solution and any combination of different embodiments that do not depart from the inventive idea shall fall within the protection scope of the present invention.
Claims (1)
1. A mobile terminal information authentication method based on device fingerprints, characterized by comprising the following steps:
after the mobile terminal's application is installed and started, the device fingerprint information of the mobile terminal is collected and uploaded to a backend service over the mobile Internet, wherein the device fingerprint information is a unique device identifier that the mobile terminal derives from the random characteristics produced during device manufacturing;
after the backend service has collected the device fingerprint information of the mobile terminal, it uses that information as the identity public key of an identity-based cryptosystem and generates the corresponding private key;
the service platform adds the mobile terminal to a trusted access device list;
when the mobile terminal needs to log in to the application, it encrypts the authentication data with the device fingerprint information and uploads it to the backend service;
the backend service decrypts the authentication data uploaded by the mobile terminal with the private key to obtain a device authentication code;
if, according to the device authentication code, the current mobile terminal is judged not to be in the trusted access device list stored on the backend server, a message that the device's fingerprint is invalid is broadcast; if the current mobile terminal is in the trusted access device list, the information authentication passes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810450338.5A CN108683508B (en) | 2018-05-11 | 2018-05-11 | Mobile terminal information authentication method based on equipment fingerprint |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810450338.5A CN108683508B (en) | 2018-05-11 | 2018-05-11 | Mobile terminal information authentication method based on equipment fingerprint |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108683508A (en) | 2018-10-19 |
CN108683508B (en) | 2021-02-09 |
Family
ID=63805543
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810450338.5A Active CN108683508B (en) | 2018-05-11 | 2018-05-11 | Mobile terminal information authentication method based on equipment fingerprint |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108683508B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110099074B (en) * | 2019-05-28 | 2021-06-29 | 创新先进技术有限公司 | Anomaly detection method and system for Internet of things equipment and electronic equipment |
CN112152997B (en) * | 2020-08-20 | 2021-10-22 | 同济大学 | Equipment identification-oriented double-factor authentication method, system, medium and server |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100544254C (en) * | 2005-03-29 | 2009-09-23 | 联想(北京)有限公司 | A kind of method that realizes network access authentication |
CN101162999A (en) * | 2006-10-15 | 2008-04-16 | 柏建敏 | Method of authenticating identification based common key cryptosystem and encryption address in network |
CN101640590B (en) * | 2009-05-26 | 2012-01-11 | 深圳市安捷信联科技有限公司 | Method for obtaining a secret key for identifying cryptographic algorithm and cryptographic center thereof |
US9237448B2 (en) * | 2012-08-15 | 2016-01-12 | Interdigital Patent Holdings, Inc. | Enhancements to enable fast security setup |
CN104754571A (en) * | 2013-12-25 | 2015-07-01 | 深圳中兴力维技术有限公司 | User authentication realizing method, device and system thereof for multimedia data transmission |
CN105262597B (en) * | 2015-11-30 | 2018-10-19 | 中国联合网络通信集团有限公司 | Network access verifying method, client terminal, access device and authenticating device |
CN106921963A (en) * | 2017-01-22 | 2017-07-04 | 海尔优家智能科技(北京)有限公司 | A kind of smart machine accesses the method and device of WLAN |
Also Published As
Publication number | Publication date |
---|---|
CN108683508A (en) | 2018-10-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107770182B (en) | Data storage method of home gateway and home gateway | |
CN108989263B (en) | Short message verification code attack protection method, server and computer readable storage medium | |
US11012860B2 (en) | Method and an apparatus for publishing assertions in a distributed database of a mobile telecommunication network and for personalising internet-of-things devices | |
US20190199530A1 (en) | Device attestation server and method for attesting to the integrity of a mobile device | |
CN110535877B (en) | Internet of things terminal identity authentication method and system based on double authentication | |
JP2019524016A (en) | Methods for managing the status of connected devices | |
CN1934823A (en) | Anonymous authentication method | |
CN111246474B (en) | Base station authentication method and device | |
CN108683508B (en) | Mobile terminal information authentication method based on equipment fingerprint | |
CN112084234A (en) | Data acquisition method, apparatus, device and medium | |
CN115842680B (en) | Network identity authentication management method and system | |
CN106713315A (en) | Login method and device for plug-in application | |
CN113569210A (en) | Distributed identity authentication method, equipment access method and device | |
CN113014546A (en) | Certificate-based authentication registration state management method and system | |
CN114040401B (en) | Terminal authentication method and system | |
CN115333803A (en) | User password encryption processing method, device, equipment and storage medium | |
CN109688096B (en) | IP address identification method, device, equipment and computer readable storage medium | |
CN109379344A (en) | The method for authenticating and authentication server of access request | |
CN112469034B (en) | Internet of things gateway device capable of safely authenticating physical sensing equipment and access method thereof | |
US8380165B1 (en) | Identifying a cloned mobile device in a communications network | |
CN112995098B (en) | Authentication method, electronic device and storage medium | |
CN110266708B (en) | Terminal security verification system and method based on equipment cluster | |
CN114090963A (en) | Method and system for calling trust between micro-services | |
CN106302451A (en) | The method and device of resource acquisition | |
US20050216737A1 (en) | Authentication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||