CN108738011A - Device activation method and system - Google Patents
Device activation method and system
- Publication number: CN108738011A (application CN201710270409.9A)
- Authority: CN (China)
- Prior art keywords: equipment, key element, server, key, activation
- Legal status: Pending (as listed by Google; an assumption, not a legal conclusion)
Classifications
- H04W8/22: Network data management; processing or transfer of terminal data, e.g. status or physical capabilities
- H04L63/0435: Network security protocols for confidential data exchange with a protected payload, where the sending and receiving network entities apply symmetric encryption, i.e. the same key is used for encryption and decryption
- H04L63/0478: Network security protocols for confidential data exchange with a protected payload, applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
- H04L63/0869: Network security protocols for authentication of entities, for achieving mutual authentication
- H04L63/0876: Network security protocols for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04W12/06: Security arrangements in wireless communication networks; authentication
- H04W12/08: Security arrangements in wireless communication networks; access security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Power Engineering (AREA)
- Lock And Its Accessories (AREA)
Abstract
The invention discloses a device activation method and system. The method includes: during activation, the device authenticates with the server and, after successful authentication, obtains a locally stored key element and sends it to the server; the server verifies the key element and, if verification succeeds, issues the device's relevant information to the device together with the key element that the device must carry at the next activation; the device writes the received information locally and updates its locally stored key element. The invention reduces unproductive server work while ensuring that user information is not leaked, significantly improving the security of user information, and resolves the security risk that an impersonating device obtains the number, configuration and other information of a known device.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a device activation method and system.
Background
Currently, when a device, in particular a machine-card integrated device, is activated, the device and the server authenticate each other solely by HMAC (Hash-based Message Authentication Code), and after authentication succeeds the server issues information such as the number and configuration to the device.
However, in this existing activation mode the device and the server authenticate each other solely by HMAC, and in HMAC authentication the device's MEID (Mobile Equipment Identifier) and the public key are well known, so anyone who learns the MEID of a device can rewrite the MEID and masquerade as that known device. Apart from HMAC authentication there is no other means of verification between the device and the server during activation, and each subsequent activation simply repeats the first activation process. This is easily exploited by an attacker who activates an impersonating device to obtain the subscriber number, configuration and other information, creating an information security problem for the user.
Summary of the invention
The main purpose of the present invention is to provide a device activation method and system that resolve the security risk, in devices and in particular machine-card integrated devices, of an impersonating device obtaining the number, configuration and other information of a known device, and that improve the security of device use.
To achieve this, the device activation method provided by the invention includes:
during activation, the device authenticates with the server and, after successful authentication, obtains the locally stored key element and sends it to the server;
the server verifies the key element and, after successful verification, issues the relevant information of the device to the device together with the key element that must be carried at the next activation, the relevant information including at least the number and relevant configuration information of the device;
the device writes the received relevant information locally and updates the locally stored key element.
Preferably, before the step in which the device, during activation, authenticates with the server and after successful authentication obtains the locally stored key element and sends it to the server, the method further includes:
at the initial activation of the device, the device and the server authenticate each other and, after successful authentication, the server issues to the device the key element that must be carried at the next activation;
the device stores the key element issued by the server.
Preferably, the key element is stored in a local non-erasable region.
Preferably, the key element is dynamically generated by the server, and the step of the server dynamically generating the key element includes:
obtaining the MEID of the device and extracting the first N or last N digits of the device's mobile equipment identifier (MEID) as a seed, where N is a positive integer;
obtaining a random number from the time range between a preset time point and the time of the current interaction between the device and the server, where the preset time point is greater than or equal to 0 and less than the time of the interaction between the device and the server;
taking the sum of the seed and the random number as the value of the key element.
Preferably, the key element transmitted between the server and the device is encrypted, and the step of the server encrypting the key element to be issued to the device includes:
when sending the key element to the device, the server generates a symmetric key and encrypts the key element with the symmetric key;
the symmetric key is encrypted with the public key of the device.
Preferably, the step of the device storing the key element issued by the server includes:
when the device receives the encrypted key element sent by the server, decrypting with the private key of the device to obtain the symmetric key;
decrypting the encrypted key element with the symmetric key, and storing this key element in the local non-erasable region and/or replacing the old key element with the new one.
The embodiment of the present invention also proposes a device activation method, including:
during activation, the device authenticates with the server and, after successful authentication, obtains the locally stored key element and sends it to the server;
the device receives the relevant information of the device and the key element to be carried at the next activation, which the server issues after successfully verifying the key element, the relevant information including at least the number and relevant configuration information of the device;
the device writes the received relevant information locally and updates the locally stored key element.
Preferably, before the step in which the device, during activation, authenticates with the server and after successful authentication obtains the locally stored key element and sends it to the server, the method further includes:
at the initial activation of the device, the device and the server authenticate each other and, after successful authentication, the device receives the key element, issued by the server, that must be carried at the next activation;
the device stores the key element issued by the server.
Preferably, the key element transmitted between the server and the device is encrypted, and the step of the device storing the key element issued by the server includes:
when the device receives the encrypted key element sent by the server, decrypting with the private key of the device to obtain the symmetric key;
decrypting the encrypted key element with the symmetric key, and storing this key element in the local non-erasable region and/or replacing the old key element with the new one.
The embodiment of the present invention also proposes a device activation method, including:
during the activation of the device, the server authenticates with the device and, after successful authentication, receives the key element sent by the device;
the server verifies the key element and, after successful verification, issues the relevant information of the device to the device together with the key element to be carried at the next activation, the relevant information including at least the number and relevant configuration information of the device, so that the device writes the received relevant information locally and updates the locally stored key element.
Preferably, before the step in which the server, during the activation of the device, authenticates with the device and after successful authentication receives the key element sent by the device, the method further includes:
at the initial activation of the device, the device and the server authenticate each other and, after successful authentication, the server issues to the device the key element that must be carried at the next activation, which the device stores.
Preferably, the key element is dynamically generated by the server, and the step of the server dynamically generating the key element includes:
obtaining the MEID of the device and extracting the first N or last N digits of the device's mobile equipment identifier (MEID) as a seed, where N is a positive integer;
obtaining a random number from the time range between a preset time point and the time of the current interaction between the device and the server, where the preset time point is greater than or equal to 0 and less than the time of the interaction between the device and the server;
taking the sum of the seed and the random number as the value of the key element.
Preferably, the key element transmitted between the server and the device is encrypted, and the step of the server encrypting the key element to be issued to the device includes:
when sending the key element to the device, the server generates a symmetric key and encrypts the key element with the symmetric key;
the symmetric key is encrypted with the public key of the device.
The embodiment of the present invention also proposes a device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method described above.
The embodiment of the present invention also proposes a server, including a memory, a processor, and a computer program stored in the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method described above.
The embodiment of the present invention also proposes a device activation system, including a device and a server, wherein:
the device is configured, during activation, to authenticate with the server and, after successful authentication, to obtain the locally stored key element and send it to the server;
the server is configured to verify the key element and, after successful verification, to issue the relevant information of the device to the device together with the key element to be carried at the next activation, the relevant information including at least the number and relevant configuration information of the device;
the device is further configured to write the received relevant information locally and to update the locally stored key element.
Preferably, the server is further configured, at the initial activation of the device and after the device and the server have authenticated each other successfully, to issue to the device the key element to be carried at the next activation;
the device is further configured to store the key element issued by the server.
Preferably, the server is further configured to dynamically generate the key element, specifically to:
obtain the MEID of the device and extract the first N or last N digits of the MEID as a seed, where N is a positive integer;
obtain a random number from the time range between a preset time point and the time of the current interaction between the device and the server, where the preset time point is greater than or equal to 0 and less than the time of the interaction between the device and the server;
take the sum of the seed and the random number as the value of the key element.
Preferably, the key element transmitted between the server and the device is encrypted, wherein:
the server is further configured to encrypt the key element issued to the device, specifically to generate a symmetric key when sending the key element to the device, encrypt the key element with the symmetric key, and encrypt the symmetric key with the public key of the device.
Preferably, the device is further configured, on receiving the encrypted key element sent by the server, to decrypt with the private key of the device to obtain the symmetric key, to decrypt the encrypted key element with the symmetric key, and to store this key element in the local non-erasable region and/or replace the old key element with the new one.
The device activation method and system proposed by the present invention build on the HMAC authentication by which the current device activation mutually authenticates with the server. After successful authentication, the device reads the stored key element and sends it to the server; the server verifies this key element and, if verification succeeds, issues information such as the number and configuration together with the key element to be verified at the next activation; after receiving the key element successfully, the device stores it, replacing the previously stored key element, and writes the number and configuration information into the device. With this scheme, unproductive server work is reduced while user information is kept from leaking, significantly improving the security of user information; the security risk of an impersonating device obtaining the number, configuration and other information of a known device is resolved, and the security of device use is improved.
Description of the drawings
Fig. 1 is a flow diagram of a first embodiment of the device activation method of the present invention;
Fig. 2 is a flow diagram of a second embodiment of the device activation method of the present invention;
Fig. 3 is a schematic diagram of the processing flow of the initial activation of the device in an embodiment of the present invention;
Fig. 4 is a schematic diagram of the processing flow of the re-activation of the device in an embodiment of the present invention;
Fig. 5 is a flow diagram of a third embodiment of the device activation method of the present invention;
Fig. 6 is a flow diagram of a fourth embodiment of the device activation method of the present invention;
Fig. 7 is a flow diagram of a fifth embodiment of the device activation method of the present invention;
Fig. 8 is a flow diagram of a sixth embodiment of the device activation method of the present invention;
Fig. 9 is a block diagram of the device activation system of the present invention.
The realization of the object, the functional features and the advantages of the present invention are further described with reference to the accompanying drawings in the embodiments.
To make the technical solution of the present invention clearer, it is described in further detail below in conjunction with the drawings.
Detailed description of the embodiments
It should be understood that the specific embodiments described here are merely illustrative of the present invention and are not intended to limit it.
The main solution of the embodiment of the present invention is as follows: building on the HMAC authentication by which the current device activation mutually authenticates with the server, after successful authentication the device reads the stored key element and sends it to the server; the server verifies this key element and, if verification succeeds, issues information such as the number and configuration together with the key element to be verified at the next activation; after receiving the key element successfully, the device stores it, replacing the previously stored key element, and writes the number and configuration information into the device. This resolves the security risk of an impersonating device obtaining the number, configuration and other information of a known device, improves the security of device use, reduces unproductive server work, and ensures that user information is not leaked, significantly improving the security of user information.
In the present embodiment the device includes, but is not limited to, a machine-card integrated device, and a machine-card integrated device is taken as the example. The present embodiment considers the following: during the activation of a machine-card integrated device of the Sprint operator, the authentication mode used is the HMAC algorithm standardized in the OMA DM (Open Mobile Alliance Device Management) protocol, whose three fundamental elements are the device identifier (meid), the server identifier (serverID) and the secret (key). For a device that has already been activated, anyone who can obtain its meid is able to pass authentication and successfully obtain the corresponding device information from the Sprint servers.
For this situation, the present invention provides a solution that resolves, in machine-card integrated devices, the security risk of an impersonating device obtaining the number, configuration and other information of a known device, ensures the security of the device's legitimate user, and also avoids invalid activations on the server.
As shown in Fig. 1, the first embodiment of the present invention proposes a device activation method, including:
Step S101: during activation, the device authenticates with the server and, after successful authentication, obtains the locally stored key element and sends it to the server.
This embodiment builds on the HMAC authentication by which the current device activation mutually authenticates with the server. After successful authentication, the device reads the locally stored key element and sends it to the server, so that the server can verify this key element; if verification succeeds, the server issues the relevant information such as the number and configuration together with the key element to be verified at the next activation; after receiving the key element successfully, the device stores it, replacing the previously stored key element, and writes the relevant information such as the number and configuration into the device. If the server's verification fails, it notifies the device that this activation has failed.
Specifically, in the present embodiment, transmitting a key element between the device and the server resolves the security risk, during device activation, of an impersonating device obtaining the number, configuration and other information of a known device, ensures the security of the device's legitimate user, and also avoids invalid activations on the server.
The key element used for verification is issued by the server and stored locally on the device. In one implementation the key element is generated by the server; in another implementation, the key element may be generated by other equipment and sent to the server. The present embodiment is described with the key element generated by the server.
During activation the device first performs HMAC authentication with the server. After successful authentication, the device obtains the locally stored key element and sends it to the server, which verifies this key element.
Step S102: the server verifies the key element and, after successful verification, issues the relevant information of the device to the device together with the key element to be carried at the next activation, the relevant information including at least the number and relevant configuration information of the device.
Step S103: the device writes the received relevant information locally and updates the locally stored key element.
After receiving the key element sent by the device, the server verifies it. If verification succeeds, the server issues the relevant information such as the number and configuration together with the key element to be verified at the next activation; after receiving the key element successfully, the device stores it, replacing the previously stored key element, and writes the relevant information such as the number and configuration into the device. If the server's verification fails, it notifies the device that this activation has failed.
To improve the storage security of the key element, in the present embodiment the device may store the key element issued by the server in a local non-erasable region.
Compared with the prior art, the present embodiment, through the above scheme, builds on the HMAC authentication by which the current device activation mutually authenticates with the server: after successful authentication the device reads the stored key element and sends it to the server; the server verifies this key element and, if verification succeeds, issues information such as the number and configuration together with the key element to be verified at the next activation; after receiving the key element successfully, the device stores it in the non-erasable region, replacing the previously stored key element, and writes the number and configuration information into the device. With this scheme, unproductive server work is reduced while user information is kept from leaking, significantly improving the security of user information; the security risk of an impersonating device obtaining the number, configuration and other information of a known device is resolved, and the security of device use is improved.
As shown in Fig. 2, the second embodiment of the present invention proposes a device activation method, including:
Step S90: at the initial activation of the device, the device and the server authenticate each other and, after successful authentication, the server issues to the device the key element to be carried at the next activation;
Step S200: the device stores the key element issued by the server;
Step S201: during activation, the device authenticates with the server and, after successful authentication, obtains the locally stored key element and sends it to the server;
Step S202: the server verifies the key element and, after successful verification, issues the relevant information of the device to the device together with the key element to be carried at the next activation, the relevant information including at least the number and relevant configuration information of the device;
Step S203: the device writes the received relevant information locally and updates the locally stored key element.
Compared with the first embodiment shown in Fig. 1, the present embodiment additionally includes the scheme by which the device obtains, at its initial activation, the key element for the next activation.
Steps S201, S202 and S203 of the present embodiment correspond to steps S101, S102 and S103 of the first embodiment shown in Fig. 1 and are not repeated here.
In the present embodiment, before the device, during activation, authenticates with the server and after successful authentication obtains the locally stored key element and sends it to the server, the method further includes:
Step S90: at the initial activation of the device, the device and the server authenticate each other and, after successful authentication, the server issues to the device the key element to be carried at the next activation;
Step S200: the device stores the key element issued by the server in a local non-erasable region.
Specifically, at the initial activation the device first authenticates with the server, and after successful authentication the server issues to the device the key element to be carried at the next activation. The device then stores the key element issued by the server in its local non-erasable region.
In the present embodiment the processing flow of the initial activation of the device may be as shown in Fig. 3; the detailed process is as follows:
S001: the device connects to the configuration server.
S002: the device and the server perform mutual HMAC authentication.
S003: if authentication succeeds, the server sends the device the key element to be verified at the next activation and the information, such as the number and configuration, that the device must write in this activation; if authentication fails, the server notifies the device of the authentication failure.
S004: if the device receives the key element successfully, it stores the key element and replaces the old key element with the new one; if the device fails to receive the key element or does not receive one, it requests the server to retransmit the key element.
S005: if the device stores and updates the key element successfully, it writes the information such as the number and configuration sent by the server into the device and notifies the server that activation succeeded; if it fails to store and update the key element, it does not write the number, configuration and other information, and notifies the server that the key element update failed.
Compared with the prior art, the present embodiment, through the above scheme, builds on the HMAC authentication by which the current device activation mutually authenticates with the server: at the initial activation of the device, the device obtains from the server the information such as the number and configuration for this activation, and also obtains the key element, issued by the server, to be verified at the next activation; it stores this key element in the non-erasable region and writes the number and configuration information into the device. With this scheme, unproductive server work is reduced while user information is kept from leaking, significantly improving the security of user information; the security risk of an impersonating device obtaining the number, configuration and other information of a known device is resolved, and the security of device use is improved.
Further, in the present embodiment the processing flow of re-activating the device may be as shown in Fig. 4; the detailed process is as follows:
S001: the device connects to the configuration server.
S002: the device and the server perform mutual HMAC authentication.
S003: if authentication succeeds, the device reads the stored key element and reports it to the server; if authentication fails, the server notifies the device of the authentication failure.
S004: the server verifies the key element reported by the device.
S005: if the key element passes verification, the server sends the device the key element to be verified at the next activation and the information, such as the number and configuration, that the device must write in this activation; if key element verification fails, the server notifies the device that authentication has failed.
S006: if the device receives the key element successfully, it stores the key element and replaces the old key element with the new one; if the device fails to receive the key element or does not receive one, it requests the server to retransmit the key element.
S007: if the device stores and updates the key element successfully, it writes the information such as the number and configuration sent by the server into the device and notifies the server that activation succeeded; if it fails to store and update the key element, it does not write the number, configuration and other information, and notifies the server that the key element update failed.
Compared with the prior art, this embodiment builds on the mutual HMAC authentication between device and server used in current device activation: after authentication succeeds, the device reads the stored key element and sends it to the server; the server verifies this key element and, if verification succeeds, issues the number, configuration and other information together with the key element to be verified at the next activation to the device; after the device receives the key element successfully, it stores this key element to a non-erasable region, updates the previously stored key element, and writes the number and configuration information into the device. The scheme reduces the server's wasted work while also ensuring that user information is not leaked, which greatly improves the security of user information: it removes the security risk of a counterfeit device learning the number, configuration and other information of a device during device activation, and improves the safety of using the device.
Further, as mentioned above, in this embodiment the key element is generated dynamically by the server. A specific key element generation algorithm may be as follows:
First, obtain the MEID of the device and extract the first N or the last N characters of the MEID as a seed, where N is a positive integer and may for example be taken as 0;
Obtain a random number within the time range from a preset time point to the current interaction between the device and the server, where the preset time point is greater than or equal to 0 and less than the end time of the interaction between the device and the server;
Take the sum of the seed and the random number as the value of the key element.
A concrete example is as follows:
Obtain the MEID of the device and use the last six characters of the MEID as the seed, then obtain a random number within the time range from 0 to the current interaction between the device and the server, and take the sum of the two as the value of the key element.
In this way, whether for different MEIDs or for the same MEID, the value of the key element issued by the server changes dynamically each time.
Of course, it should be noted that in this embodiment the key element generation algorithm is not limited to the manner above; this embodiment does not specifically restrict it.
In addition, it should also be noted that, to avoid the key element being intercepted in transit, in this embodiment the transmission of the key element between server and device is encrypted.
The process by which the server encrypts the key element to be issued to the device may include:
When sending the key element to the device, the server generates a symmetric key and encrypts the key element with this symmetric key; it then encrypts the symmetric key with the public key of the device.
On the device side, when the device receives the encrypted key element sent by the server, it decrypts with the device's private key to obtain the symmetric key, then uses the symmetric key to unlock the encrypted key element, stores this key element to a local non-erasable region, and replaces the old key element with the new one.
The process when the device transmits a key element to the server is similar and is not described again here.
As a result, because the key element is ciphertext throughout transmission and the private key is unique to each device, an intercepted copy cannot be decrypted to recover the key element; this further ensures that user information is not leaked and greatly improves the security of user information.
As shown in figure 5, the third embodiment of the invention proposes a device activation method, including:
Step S301: during activation, the device authenticates with the server and, after authentication succeeds, obtains the locally stored key element and sends it to the server;
This embodiment builds on the mutual HMAC authentication between device and server used in current device activation: after authentication succeeds, the device reads the locally stored key element and sends it to the server, so that the server can verify this key element; if verification succeeds, the server issues the number, configuration and other related information together with the key element to be verified at the next activation to the device; after the device receives the key element successfully, it stores this key element, updates the previously stored key element, and writes the number, configuration and other related information into the device. If the server's verification fails, it informs the device that this activation failed.
Specifically, in this embodiment, transmitting a key element between device and server removes the security risk of a counterfeit device learning the number, configuration and other information of a device during the activation process, ensures the security of the device's legitimate user, and also avoids invalid activation by the server.
The key element used for verification, issued by the server, is stored locally on the device. In one implementation the key element can be generated by the server; of course, in another implementation it can also be generated by another device and sent to the server. This embodiment is described with the key element generated by the server.
During activation the device first carries out HMAC authentication with the server. After authentication succeeds, the device obtains the locally stored key element and sends it to the server, and the server verifies this key element.
Step S302: the device receives the related information of the device and the key element to be carried at the next activation, which the server issues after verifying the key element successfully; the related information includes at least the number and related configuration information of the device;
Step S303: the device writes the received related information locally and updates the locally stored key element.
After receiving the key element sent by the device, the server verifies it; if verification succeeds, it issues the number, configuration and other related information together with the key element to be verified at the next activation to the device; after the device receives the key element successfully, it stores this key element, updates the previously stored key element, and writes the number, configuration and other related information into the device. If the server's verification fails, it informs the device that this activation failed.
To improve the storage security of the key element, in this embodiment the device may store the key element issued by the server to a local non-erasable region.
Compared with the prior art, this embodiment builds on the mutual HMAC authentication between device and server used in current device activation: after authentication succeeds, the device reads the stored key element and sends it to the server; the server verifies this key element and, if verification succeeds, issues the number, configuration and other information together with the key element to be verified at the next activation to the device; after the device receives the key element successfully, it stores this key element to a non-erasable region, updates the previously stored key element, and writes the number and configuration information into the device. The scheme reduces the server's wasted work while also ensuring that user information is not leaked, which greatly improves the security of user information: it removes the security risk of a counterfeit device learning the number, configuration and other information of a device during device activation, and improves the safety of using the device.
As shown in figure 6, the fourth embodiment of the invention proposes a device activation method, including:
Step S400: at the initial activation of the device, the device authenticates with the server and, after authentication succeeds, receives the key element issued by the server that needs to be carried at the next activation; the device stores the key element issued by the server.
Step S401: during activation, the device authenticates with the server and, after authentication succeeds, obtains the locally stored key element and sends it to the server;
Step S402: the device receives the related information of the device and the key element to be carried at the next activation, which the server issues after verifying the key element successfully; the related information includes at least the number and related configuration information of the device;
Step S403: the device writes the received related information locally and updates the locally stored key element.
Compared with the third embodiment shown in figure 5, this embodiment further includes the scheme by which the device obtains the key element for the next activation at its initial activation.
Steps S401, S402 and S403 of this embodiment correspond to, and are identical with, steps S301, S302 and S303 of the third embodiment shown in figure 5, and are not repeated here.
In this embodiment, before the step in which the device, during activation, authenticates with the server and after successful authentication obtains the locally stored key element and sends it to the server, the method further includes:
Step S400: at the initial activation of the device, the device authenticates with the server and, after authentication succeeds, receives the key element issued by the server that needs to be carried at the next activation; the device stores the key element issued by the server.
Specifically, at initial activation the device first authenticates with the server; after authentication succeeds, the server issues to the device the key element that needs to be carried at the next activation. The device then stores the key element issued by the server to a local non-erasable region.
In this embodiment the processing flow of the device's initial activation may be as shown in figure 3; the detailed process is as follows:
S001: The device connects to the configuration server.
S002: Mutual HMAC authentication is carried out between the device and the server.
S003: If authentication succeeds, the server sends the device the key element to be verified at the next activation, together with the number, configuration and other information the device needs to write for the present activation; if authentication fails, the server informs the device that authentication failed.
S004: If the device receives the key element successfully, it stores the key element and replaces the old key element with the new one; if the device fails to receive the key element or does not receive it at all, it asks the server to retransmit the key element.
S005: If the device stores and updates the key element successfully, it writes the number, configuration and other information sent by the server into the device and notifies the server that activation succeeded; if storing and updating the key element fails, the number, configuration and other information are not written, and the device notifies the server that the key element update failed.
Compared with the prior art, this embodiment builds on the mutual HMAC authentication between device and server used in current device activation: at initial activation the device obtains from the server the number, configuration and other information for the present activation, and also obtains the key element that the server issues for verification at the next activation; it stores this key element to a non-erasable region and writes the number and configuration information into the device. The scheme reduces the server's wasted work while also ensuring that user information is not leaked, which greatly improves the security of user information: it removes the security risk of a counterfeit device learning the number, configuration and other information of a device during device activation, and improves the safety of using the device.
Further, in this embodiment the processing flow for re-activation of the device may be as shown in figure 4; the detailed process is as follows:
S001: The device connects to the configuration server.
S002: Mutual HMAC authentication is carried out between the device and the server.
S003: If authentication succeeds, the device reads the stored key element and reports it to the server; if authentication fails, the server informs the device that authentication failed.
S004: The server verifies the key element reported by the device.
S005: If the key element passes verification, the server sends the device the key element to be verified at the next activation, together with the number, configuration and other information the device needs to write for the present activation; if verification of the key element fails, the server informs the device that authentication failed.
S006: If the device receives the key element successfully, it stores the key element and replaces the old key element with the new one; if the device fails to receive the key element or does not receive it at all, it asks the server to retransmit the key element.
S007: If the device stores and updates the key element successfully, it writes the number, configuration and other information sent by the server into the device and notifies the server that activation succeeded; if storing and updating the key element fails, the number, configuration and other information are not written, and the device notifies the server that the key element update failed.
Compared with the prior art, this embodiment builds on the mutual HMAC authentication between device and server used in current device activation: after authentication succeeds, the device reads the stored key element and sends it to the server; the server verifies this key element and, if verification succeeds, issues the number, configuration and other information together with the key element to be verified at the next activation to the device; after the device receives the key element successfully, it stores this key element to a non-erasable region, updates the previously stored key element, and writes the number and configuration information into the device. The scheme reduces the server's wasted work while also ensuring that user information is not leaked, which greatly improves the security of user information: it removes the security risk of a counterfeit device learning the number, configuration and other information of a device during device activation, and improves the safety of using the device.
Further, as mentioned above, in this embodiment the key element is generated dynamically by the server. A specific key element generation algorithm may be as follows:
First, obtain the MEID of the device and extract the first N or the last N characters of the MEID as a seed, where N is a positive integer and may for example be taken as 0;
Obtain a random number within the time range from a preset time point to the current interaction between the device and the server, where the preset time point is greater than or equal to 0 and less than the end time of the interaction between the device and the server;
Take the sum of the seed and the random number as the value of the key element.
A concrete example is as follows:
Obtain the MEID of the device and use the last six characters of the MEID as the seed, then obtain a random number within the time range from 0 to the current interaction between the device and the server, and take the sum of the two as the value of the key element.
In this way, whether for different MEIDs or for the same MEID, the value of the key element issued by the server changes dynamically each time.
Of course, it should be noted that in this embodiment the key element generation algorithm is not limited to the manner above; this embodiment does not specifically restrict it.
In addition, it should also be noted that, to avoid the key element being intercepted in transit, in this embodiment the transmission of the key element between server and device is encrypted.
The process by which the server encrypts the key element to be issued to the device may include:
When sending the key element to the device, the server generates a symmetric key and encrypts the key element with this symmetric key; it then encrypts the symmetric key with the public key of the device.
On the device side, when the device receives the encrypted key element sent by the server, it decrypts with the device's private key to obtain the symmetric key, then uses the symmetric key to unlock the encrypted key element, stores this key element to a local non-erasable region, and replaces the old key element with the new one.
The process when the device transmits a key element to the server is similar and is not described again here.
As a result, because the key element is ciphertext throughout transmission and the private key is unique to each device, an intercepted copy cannot be decrypted to recover the key element; this further ensures that user information is not leaked and greatly improves the security of user information.
As shown in figure 7, the fifth embodiment of the invention proposes a device activation method, including:
Step S501: during device activation, the server authenticates with the device and, after authentication succeeds, receives the key element sent by the device;
This embodiment builds on the mutual HMAC authentication between device and server used in current device activation: after authentication succeeds, the device reads the locally stored key element and sends it to the server, so that the server can verify this key element; if verification succeeds, the server issues the number, configuration and other related information together with the key element to be verified at the next activation to the device; after the device receives the key element successfully, it stores this key element, updates the previously stored key element, and writes the number, configuration and other related information into the device. If the server's verification fails, it informs the device that this activation failed.
Specifically, in this embodiment, transmitting a key element between device and server removes the security risk of a counterfeit device learning the number, configuration and other information of a device during the activation process, ensures the security of the device's legitimate user, and also avoids invalid activation by the server.
The key element used for verification, issued by the server, is stored locally on the device. In one implementation the key element can be generated by the server; of course, in another implementation it can also be generated by another device and sent to the server. This embodiment is described with the key element generated by the server.
During activation the device first carries out HMAC authentication with the server. After authentication succeeds, the device obtains the locally stored key element and sends it to the server, and the server verifies this key element.
Step S502: the server verifies the key element and, after verification succeeds, issues the related information of the device and the key element to be carried at the next activation to the device, the related information including at least the number and related configuration information of the device, so that the device writes the received related information locally and updates the locally stored key element.
After receiving the key element sent by the device, the server verifies it; if verification succeeds, it issues the number, configuration and other related information together with the key element to be verified at the next activation to the device; after the device receives the key element successfully, it stores this key element, updates the previously stored key element, and writes the number, configuration and other related information into the device. If the server's verification fails, it informs the device that this activation failed.
To improve the storage security of the key element, in this embodiment the device may store the key element issued by the server to a local non-erasable region.
Compared with the prior art, this embodiment builds on the mutual HMAC authentication between device and server used in current device activation: after authentication succeeds, the device reads the stored key element and sends it to the server; the server verifies this key element and, if verification succeeds, issues the number, configuration and other information together with the key element to be verified at the next activation to the device; after the device receives the key element successfully, it stores this key element to a non-erasable region, updates the previously stored key element, and writes the number and configuration information into the device. The scheme reduces the server's wasted work while also ensuring that user information is not leaked, which greatly improves the security of user information: it removes the security risk of a counterfeit device learning the number, configuration and other information of a device during device activation, and improves the safety of using the device.
As shown in figure 8, the sixth embodiment of the invention proposes a device activation method, including:
Step S601: during device activation, the server authenticates with the device and, after authentication succeeds, receives the key element sent by the device;
Step S602: the server verifies the key element and, after verification succeeds, issues the related information of the device and the key element to be carried at the next activation to the device, the related information including at least the number and related configuration information of the device, so that the device writes the received related information locally and updates the locally stored key element.
Compared with the fifth embodiment shown in figure 7, this embodiment further includes the scheme by which the device obtains the key element for the next activation at its initial activation.
Steps S601 and S602 of this embodiment correspond to, and are identical with, steps S501 and S502 of the fifth embodiment shown in figure 7, and are not repeated here.
In this embodiment, before the step in which the server, during device activation, authenticates with the device and after successful authentication receives the key element sent by the device, the method further includes:
Step S500: at the initial activation of the device, the device authenticates with the server and, after authentication succeeds, the server issues to the device the key element that needs to be carried at the next activation, and the device stores the key element issued by the server.
Specifically, at initial activation the device first authenticates with the server; after authentication succeeds, the server issues to the device the key element that needs to be carried at the next activation. The device then stores the key element issued by the server to a local non-erasable region.
In this embodiment the processing flow of the device's initial activation may be as shown in figure 3; the detailed process is as follows:
S001: The device connects to the configuration server.
S002: Mutual HMAC authentication is carried out between the device and the server.
S003: If authentication succeeds, the server sends the device the key element to be verified at the next activation, together with the number, configuration and other information the device needs to write for the present activation; if authentication fails, the server informs the device that authentication failed.
S004: If the device receives the key element successfully, it stores the key element and replaces the old key element with the new one; if the device fails to receive the key element or does not receive it at all, it asks the server to retransmit the key element.
S005: If the device stores and updates the key element successfully, it writes the number, configuration and other information sent by the server into the device and notifies the server that activation succeeded; if storing and updating the key element fails, the number, configuration and other information are not written, and the device notifies the server that the key element update failed.
Compared with the prior art, this embodiment builds on the mutual HMAC authentication between device and server used in current device activation: at initial activation the device obtains from the server the number, configuration and other information for the present activation, and also obtains the key element that the server issues for verification at the next activation; it stores this key element to a non-erasable region and writes the number and configuration information into the device. The scheme reduces the server's wasted work while also ensuring that user information is not leaked, which greatly improves the security of user information: it removes the security risk of a counterfeit device learning the number, configuration and other information of a device during device activation, and improves the safety of using the device.
Further, in this embodiment the processing flow for re-activation of the device may be as shown in figure 4; the detailed process is as follows:
S001: The device connects to the configuration server.
S002: Mutual HMAC authentication is carried out between the device and the server.
S003: If authentication succeeds, the device reads the stored key element and reports it to the server; if authentication fails, the server informs the device that authentication failed.
S004: The server verifies the key element reported by the device.
S005: If the key element passes verification, the server sends the device the key element to be verified at the next activation, together with the number, configuration and other information the device needs to write for the present activation; if verification of the key element fails, the server informs the device that authentication failed.
S006: If the device receives the key element successfully, it stores the key element and replaces the old key element with the new one; if the device fails to receive the key element or does not receive it at all, it asks the server to retransmit the key element.
S007: If the device stores and updates the key element successfully, it writes the number, configuration and other information sent by the server into the device and notifies the server that activation succeeded; if storing and updating the key element fails, the number, configuration and other information are not written, and the device notifies the server that the key element update failed.
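The initial-activation flow (figure 3) and the re-activation flow (figure 4), which each embodiment above repeats, can be exercised end to end in a small simulation. The following Go program is an added example written for this page, not code from the patent or its applicant. The challenge/response shape of the HMAC authentication, the pre-shared per-device secret, the 128-bit random key element, and the rule that a device with a key element on record must present it before any number or configuration is released are all this example's assumptions; the patent itself only states that the authentication is mutual HMAC and that the key element is verified and rotated.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Profile is the "number and configuration" the server writes to the device.
type Profile struct {
	Number string
	Config string
}

// Server keeps, per device ID, the pre-shared HMAC secret (assumed here to be
// provisioned at manufacture), the profile to issue, and the key element
// issued at the last successful activation.
type Server struct {
	secrets  map[string][]byte
	profiles map[string]Profile
	issued   map[string]string
}

// Device models the handset; keyElement stands in for the non-erasable
// region in which the patent stores the key element.
type Device struct {
	ID         string
	secret     []byte
	keyElement string
	Profile    Profile
}

func NewServer() *Server {
	return &Server{map[string][]byte{}, map[string]Profile{}, map[string]string{}}
}

// randomHex returns n random bytes hex-encoded (used for nonces and key elements).
func randomHex(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// tag is HMAC-SHA256 over the labelled parts, NUL-separated so that
// "ab"+"c" and "a"+"bc" cannot collide.
func tag(secret []byte, parts ...string) []byte {
	h := hmac.New(sha256.New, secret)
	for _, p := range parts {
		h.Write([]byte(p))
		h.Write([]byte{0})
	}
	return h.Sum(nil)
}

// mutualAuth is a two-way challenge/response over the shared secret (the
// example's own design). Each side proves the secret over both nonces; the
// direction label stops one side's proof being replayed as the other's.
func mutualAuth(d *Device, s *Server) error {
	serverSecret, ok := s.secrets[d.ID]
	if !ok {
		return errors.New("unknown device")
	}
	serverNonce, deviceNonce := randomHex(16), randomHex(16)
	deviceProof := tag(d.secret, "device", serverNonce, deviceNonce)
	if !hmac.Equal(deviceProof, tag(serverSecret, "device", serverNonce, deviceNonce)) {
		return errors.New("device authentication failed")
	}
	serverProof := tag(serverSecret, "server", deviceNonce, serverNonce)
	if !hmac.Equal(serverProof, tag(d.secret, "server", deviceNonce, serverNonce)) {
		return errors.New("server authentication failed")
	}
	return nil
}

// Activate runs one activation. With no key element on record for the device
// it is the initial activation (figure 3); otherwise it is a re-activation
// (figure 4) and the device must present the key element issued last time.
func Activate(d *Device, s *Server) error {
	if err := mutualAuth(d, s); err != nil {
		return err
	}
	if previous, seen := s.issued[d.ID]; seen {
		// Re-activation S003/S004: device reports, server verifies (constant time).
		if !hmac.Equal([]byte(previous), []byte(d.keyElement)) {
			return errors.New("key element verification failed")
		}
	}
	profile, ok := s.profiles[d.ID]
	if !ok {
		return errors.New("no profile for device")
	}
	next := randomHex(16) // S005: next key element plus number/configuration
	d.keyElement = next   // S006: store and replace the old key element
	d.Profile = profile   // S007: write number and configuration
	s.issued[d.ID] = next
	return nil
}

func main() {
	s := NewServer()
	secret := []byte("constructed-preshared-secret")
	s.secrets["A1000000123456"] = secret // constructed MEID-style device ID
	s.profiles["A1000000123456"] = Profile{Number: "13800000000", Config: "apn=example"}
	d := &Device{ID: "A1000000123456", secret: secret}
	fmt.Println("initial activation:", Activate(d, s))
	fmt.Println("re-activation:", Activate(d, s))
	clone := &Device{ID: d.ID, secret: secret} // same identity, no key element
	fmt.Println("clone:", Activate(clone, s))
}
```

Running main shows the first activation succeeding, the second one rotating the key element, and a device that presents the same identity and secret but no key element being refused the number and configuration, which is the counterfeit-device case the patent targets. The flip side is that a genuine device that loses its key element is locked out until the server's record is reset, which is why the patent keeps the element in a non-erasable region; a deployment still needs an out-of-band recovery path for that case.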
Compared with the prior art, this embodiment builds on the mutual HMAC authentication between device and server used in current device activation: after authentication succeeds, the device reads the stored key element and sends it to the server; the server verifies this key element and, if verification succeeds, issues the number, configuration and other information together with the key element to be verified at the next activation to the device; after the device receives the key element successfully, it stores this key element to a non-erasable region, updates the previously stored key element, and writes the number and configuration information into the device. The scheme reduces the server's wasted work while also ensuring that user information is not leaked, which greatly improves the security of user information: it removes the security risk of a counterfeit device learning the number, configuration and other information of a device during device activation, and improves the safety of using the device.
Further, as mentioned above, in this embodiment the key element is generated dynamically by the server. A specific key element generation algorithm may be as follows:
First, obtain the MEID of the device and extract the first N or the last N characters of the MEID as a seed, where N is a positive integer and may for example be taken as 0;
Obtain a random number within the time range from a preset time point to the current interaction between the device and the server, where the preset time point is greater than or equal to 0 and less than the end time of the interaction between the device and the server;
Take the sum of the seed and the random number as the value of the key element.
A concrete example is as follows:
Obtain the MEID of the device and use the last six characters of the MEID as the seed, then obtain a random number within the time range from 0 to the current interaction between the device and the server, and take the sum of the two as the value of the key element.
In this way, whether for different MEIDs or for the same MEID, the value of the key element issued by the server changes dynamically each time.
Of course, it should be noted that in this embodiment the key element generation algorithm is not limited to the manner above; this embodiment does not specifically restrict it.
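A literal implementation of the sum construction described above (the same algorithm is given for each embodiment), as an added example that is not part of the patent: the MEID fragment is parsed as hexadecimal because MEIDs are 14 hex characters, the random source is passed in as a parameter so the result can be checked deterministically, and N = 0 is read as "no MEID seed"; all three are this example's interpretations, and the MEID and times used in main are constructed.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
	"strconv"
	"strings"
)

// RandomInRange returns a uniform random integer in [0, max] from the
// system CSPRNG. GenerateKeyElement takes the source as a parameter so a
// caller can substitute a fixed one when checking results.
func RandomInRange(max int64) (int64, error) {
	v, err := rand.Int(rand.Reader, big.NewInt(max+1))
	if err != nil {
		return 0, err
	}
	return v.Int64(), nil
}

// SeedFromMEID takes the first N (fromFront) or last N characters of the
// MEID and parses them as a base-16 number. N = 0 yields a seed of 0.
func SeedFromMEID(meid string, n int, fromFront bool) (uint64, error) {
	meid = strings.ToUpper(strings.TrimSpace(meid))
	if n < 0 || n > len(meid) {
		return 0, fmt.Errorf("N must be in 0..%d, got %d", len(meid), n)
	}
	if n == 0 {
		return 0, nil
	}
	fragment := meid[len(meid)-n:]
	if fromFront {
		fragment = meid[:n]
	}
	return strconv.ParseUint(fragment, 16, 64)
}

// GenerateKeyElement implements the patent's construction:
// key element = seed(MEID fragment) + random number drawn from the window
// [0, now - presetTime], with 0 <= presetTime < now (times in Unix seconds).
func GenerateKeyElement(meid string, n int, fromFront bool, presetTime, now int64,
	random func(max int64) (int64, error)) (uint64, error) {
	if presetTime < 0 || presetTime >= now {
		return 0, errors.New("preset time point must be >= 0 and earlier than the current interaction time")
	}
	seed, err := SeedFromMEID(meid, n, fromFront)
	if err != nil {
		return 0, err
	}
	r, err := random(now - presetTime)
	if err != nil {
		return 0, err
	}
	return seed + uint64(r), nil
}

func main() {
	// Constructed MEID and a constructed "current interaction time".
	ke, err := GenerateKeyElement("A1000000123456", 6, false, 0, 1700000000, RandomInRange)
	fmt.Println(ke, err)
}
```

The value is bounded by the seed plus the window length, so its unpredictability is entirely that of the random number: the MEID fragment is public, and even a window of ten years of seconds is only about 2^28 values. A server that wants the key element to resist guessing therefore needs a cryptographically secure source (crypto/rand here) and, the patent's algorithm being explicitly non-limiting, would more commonly issue a random token of at least 128 bits and compare it in constant time.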
In addition, it should also be noted that, to avoid the key element being intercepted in transit, in this embodiment the transmission of the key element between server and device is encrypted.
The process by which the server encrypts the key element to be issued to the device may include:
When sending the key element to the device, the server generates a symmetric key and encrypts the key element with this symmetric key; it then encrypts the symmetric key with the public key of the device.
On the device side, when the device receives the encrypted key element sent by the server, it decrypts with the device's private key to obtain the symmetric key, then uses the symmetric key to unlock the encrypted key element, stores this key element to a local non-erasable region, and replaces the old key element with the new one.
The process when the device transmits a key element to the server is similar and is not described again here.
As a result, because the key element is ciphertext throughout transmission and the private key is unique to each device, an intercepted copy cannot be decrypted to recover the key element; this further ensures that user information is not leaked and greatly improves the security of user information.
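The hybrid scheme just described (a fresh symmetric key per message, the key element encrypted under it, the symmetric key encrypted under the device's public key) in Go, as an added example rather than the patent's own code. The patent names neither algorithm, so RSA-OAEP with SHA-256 for the key wrap and AES-256-GCM for the key element are this example's choices, the OAEP label is invented, and the key pair and key element in main are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// oaepLabel binds the wrapped key to this purpose (the example's own value).
var oaepLabel = []byte("key-element-wrap-v1")

// EncryptedKeyElement is what crosses the network: the symmetric key wrapped
// under the device's public key, and the key element sealed under that key.
type EncryptedKeyElement struct {
	WrappedKey []byte // RSA-OAEP(device public key, symmetric key)
	Nonce      []byte // AES-GCM nonce, unique per symmetric key
	Ciphertext []byte // AES-256-GCM(symmetric key, key element), tag included
}

// EncryptKeyElement is the server side: fresh 256-bit symmetric key per
// message, key element sealed under it, symmetric key wrapped under the
// device's public key.
func EncryptKeyElement(devicePub *rsa.PublicKey, keyElement []byte) (*EncryptedKeyElement, error) {
	sym := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, sym); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sym)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, keyElement, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, sym, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &EncryptedKeyElement{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// DecryptKeyElement is the device side: unwrap the symmetric key with the
// device's private key, then open the key element. GCM's authentication tag
// turns any tampering into an error rather than a wrong key element.
func DecryptKeyElement(devicePriv *rsa.PrivateKey, msg *EncryptedKeyElement) ([]byte, error) {
	if msg == nil {
		return nil, errors.New("nil message")
	}
	sym, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, devicePriv, msg.WrappedKey, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("unwrap symmetric key: %w", err)
	}
	block, err := aes.NewCipher(sym)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, msg.Nonce, msg.Ciphertext, nil)
}

func main() {
	devicePriv, err := rsa.GenerateKey(rand.Reader, 2048) // per-device key pair (constructed)
	if err != nil {
		panic(err)
	}
	msg, err := EncryptKeyElement(&devicePriv.PublicKey, []byte("1193088")) // constructed key element
	if err != nil {
		panic(err)
	}
	plain, err := DecryptKeyElement(devicePriv, msg)
	fmt.Printf("%s %v\n", plain, err)
}
```

GCM adds what the patent's description does not mention: integrity, so a modified ciphertext fails to open instead of yielding a wrong key element that the device would then store to its non-erasable region. Public-key encryption alone also says nothing about who sent the message, since anyone holding the device's public key can encrypt to it; the scheme relies on the HMAC authentication that precedes it, so the device should only accept an encrypted key element inside a session that has already been mutually authenticated.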
In addition, an embodiment of the invention also proposes a device. The device includes a memory, a processor, and a computer program stored in the memory and runnable on the processor; when the computer program is executed by the processor, the following operations are realized:
during activation, the device authenticates with the server and, after authentication succeeds, obtains the locally stored key element and sends it to the server;
the device receives the related information of the device and the key element to be carried at the next activation, which the server issues after verifying the key element successfully, the related information including at least the number and related configuration information of the device;
the device writes the received related information locally and updates the locally stored key element.
When executed by the processor, the computer program can also realize the following operations:
at the initial activation of the device, the device authenticates with the server and, after authentication succeeds, receives the key element issued by the server that needs to be carried at the next activation;
the device stores the key element issued by the server.
When executed by the processor, the computer program can also realize the following operations:
when the device receives the encrypted key element sent by the server, it decrypts the encrypted key element with the device's private key to obtain a symmetric key;
it unlocks the encrypted key element with the symmetric key and stores this key element to a local non-erasable region, and/or replaces the old key element with the new one.
For the specific scheme by which the device interacts with the server to realize device activation in this embodiment, refer to the embodiments above; the details are not repeated here.
The embodiment of the present invention also proposes a kind of server, which is characterized in that the server includes:Memory, processor
And it is stored in the computer program that can be run on the memory and on the processor, the computer program is by the place
It manages and realizes following operation when device executes:
The server carries out authentication with the equipment and after authenticating successfully, receives during the device activation
The key element that the equipment is sent;
The server verifies the key element, after verifying successfully, issues the relevant information of the equipment
To the equipment, and the key element that needs carry when activating next time is issued to the equipment, the relevant information is at least wrapped
The relevant information of reception is written locally by the equipment, and updates local by the number and relevant configuration information for including the equipment
The key element of storage.
The computer program can also realize following operation when being executed by the processor:
The equipment carries out authentication in initial activation, in the equipment and the server and after authenticating successfully, institute
It states when server issues activation next time to the equipment and needs the key element carried, it will be under the server by the equipment
The key element of hair stores.
The computer program can also realize following operation when being executed by the processor:
The MEID of the equipment is obtained, and extracts the top N of the mobile device identification code MEID of the equipment or rear N work
For seed, wherein N is positive integer;
The time range interacted with the server from preset time point to current device obtains random number, when described default
Between point be greater than or equal to 0, be less than the equipment and the server interaction time terminal;
By the seed and the random number take and as key element value.
The computer program can also realize following operation when being executed by the processor:
The server generates a symmetric key when sending key element to the equipment, is used in combination described symmetrical close
The key element is encrypted in key;
Symmetric key described in public key encryption by the equipment.
Equipment interacts the detailed schematic for the activation for realizing equipment with server in the present embodiment, please refers to above-mentioned each implementation
Example, details are not described herein.
Correspondingly, an embodiment of the activation system for a device of the present invention is proposed.
As shown in Figure 9, a preferred embodiment of the present invention proposes an activation system for a device, comprising a device and a server, wherein:
the device is configured, upon activation, to perform authentication with the server and, after authentication succeeds, to obtain the locally stored key element and send it to the server;
the server is configured to verify the key element and, after verification succeeds, to issue the relevant information of the device to the device and to issue to the device the key element to be carried at the next activation, the relevant information including at least the number of the device and the relevant configuration information;
the device is further configured to write the received relevant information locally and to update the locally stored key element.
Further, the server is further configured, at the initial activation of the device, after the device and the server perform authentication and authentication succeeds, to issue to the device the key element to be carried at the next activation;
the device is further configured to store the key element issued by the server in the local non-erasable region.
Further, the server is further configured to dynamically generate the key element, and specifically to:
obtain the MEID of the device and extract the first N or last N digits of the MEID as a seed, where N is a positive integer;
obtain a random number from the time range between a preset time point and the current interaction of the device with the server, the preset time point being greater than or equal to 0 and less than the end time of the interaction between the device and the server;
take the sum of the seed and the random number as the value of the key element.
Further, the key element transmitted between the server and the device is encrypted, wherein:
the server is further configured to encrypt the key element issued to the device, and specifically, when sending the key element to the device, to generate a symmetric key, encrypt the key element with the symmetric key, and encrypt the symmetric key with the public key of the device.
Further, the device is further configured, on receiving the encrypted key element sent by the server, to decrypt with the private key of the device the encrypted symmetric key sent with it, obtaining the symmetric key; to decrypt the encrypted key element with the symmetric key; and to store this key element in the local non-erasable region and/or replace the old key element with the new one.
Specifically, the scheme of this embodiment builds on the mutual HMAC authentication currently performed between the device and the server at activation. After authentication succeeds, the device reads the locally stored key element and sends it to the server so that the server can verify it. If verification succeeds, the server issues the relevant information such as the number and configuration, together with the key element to be verified at the next activation, to the device; after the device successfully receives the key element it stores it, replacing the previously stored key element, and writes the relevant information such as the number and configuration into the device. If the server's verification fails, the device is notified that this activation has failed.
Specifically, by transmitting the key element between the device and the server, the present embodiment addresses the security risk, during device activation, of a counterfeit device obtaining the number, configuration and other information of a known device; it safeguards the security of the device's legitimate user and also avoids invalid activations at the server.
The key element issued by the server for verification is stored locally on the device. In one embodiment the key element is generated by the server; in another embodiment it may also be generated by another device and sent to the server. The present embodiment is described with the key element generated by the server.
At activation, the device first performs HMAC authentication with the server. After authentication succeeds, the device obtains the locally stored key element and sends it to the server, which verifies it.
On receiving the key element sent by the device, the server verifies it. If verification succeeds, the server issues the relevant information such as the number and configuration, together with the key element to be verified at the next activation, to the device; after the device successfully receives the key element it stores it, replacing the previously stored key element, and writes the relevant information such as the number and configuration into the device. If the server's verification fails, the device is notified that this activation has failed.
To improve the storage security of the key element, in the present embodiment the device may store the key element issued by the server in a local non-erasable region.
Compared with the prior art, the present embodiment, through the above scheme, builds on the mutual HMAC authentication currently performed between the device and the server at activation: after authentication succeeds, the device reads the stored key element and sends it to the server; the server verifies the key element and, if verification succeeds, issues information such as the number and configuration together with the key element to be verified at the next activation; after the device successfully receives the key element it stores it in the non-erasable region, replacing the previously stored key element, and writes the number and configuration information into the device. With the scheme of the present invention, the auxiliary work of the server is reduced while user information is kept from leaking, so the security of user information is significantly improved; the security risk of a counterfeit device obtaining the number, configuration and other information of a known device is resolved, and the security of using the device is improved.
More specifically, the processing flow for the initial activation of the device in the present embodiment may be as shown in Figure 3, and the processing flow for re-activation may be as shown in Figure 4.
Further, in this embodiment the key element is dynamically generated by the server; the specific key element generation algorithm may be as follows:
first, obtain the MEID of the device and extract the first N or last N digits of the MEID as a seed, where N is a positive integer (for example N = 6, as in the example below);
obtain a random number from the time range between a preset time point and the current interaction of the device with the server, the preset time point being greater than or equal to 0 and less than the end time of the interaction between the device and the server;
take the sum of the seed and the random number as the value of the key element.
A concrete example is as follows:
obtain the MEID of the device and take the last six digits of the MEID as the seed; then obtain a random number from the time range from 0 to the current interaction of the device with the server; the sum of the two is the value of the key element.
In this way, whether for different MEIDs or for the same MEID, the value of the key element issued by the server changes dynamically each time.
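The generation algorithm and the repeat-activation check described above, as an added example in Go; this is not code from the patent or from any product of the applicant. It assumes a mutual HMAC-SHA256 challenge-response with a pre-shared per-device secret (the page does not specify the authentication exchange), the last six hexadecimal digits of a constructed MEID as the seed, and a uniformly random value from the OS CSPRNG as the number drawn from the time range; the `Server` type, its `Activate` method, the sample MEID and the configuration string are illustrative and not taken from the page.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
	"strconv"
)

// Constructed sample identifier, not a real handset; MEIDs are 14 hex digits.
const sampleMEID = "A10000009296F2"

// Tag is the HMAC-SHA256 one side computes over the other side's challenge with
// the pre-shared per-device secret. Both directions of the mutual HMAC
// authentication use it (assumption: the page does not spell the exchange out).
func Tag(secret, challenge []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(challenge)
	return m.Sum(nil)
}

// VerifyTag compares the presented tag in constant time.
func VerifyTag(secret, challenge, tag []byte) bool {
	return hmac.Equal(Tag(secret, challenge), tag)
}

// GenerateKeyElement follows the embodiment's algorithm: the last n digits of
// the MEID are the seed, a random number is drawn from the time range
// [presetPoint, nowUnix], and the key element is their sum. The clock value is
// passed in so the function is testable; the random number comes from the OS
// CSPRNG, not from the clock itself.
func GenerateKeyElement(meid string, n int, presetPoint, nowUnix int64) (int64, error) {
	if n <= 0 || n > len(meid) {
		return 0, errors.New("N must be a positive integer no larger than the MEID length")
	}
	if presetPoint < 0 || presetPoint >= nowUnix {
		return 0, errors.New("preset time point must satisfy 0 <= preset < interaction time")
	}
	seed, err := strconv.ParseInt(meid[len(meid)-n:], 16, 64) // MEID digits are hexadecimal
	if err != nil {
		return 0, fmt.Errorf("invalid MEID digits: %w", err)
	}
	r, err := rand.Int(rand.Reader, big.NewInt(nowUnix-presetPoint+1)) // uniform in [0, span]
	if err != nil {
		return 0, err
	}
	return seed + presetPoint + r.Int64(), nil
}

// Server keeps, per MEID, the key element issued at the previous activation
// and the number/configuration to hand down once that element verifies.
type Server struct {
	Secret   []byte
	Expected map[string]int64
	Config   map[string]string
}

// Activate is the server half of a repeat activation: authenticate the device,
// require the presented key element to be the one issued last time, then hand
// down the configuration plus a fresh element and rotate the stored copy, so a
// captured or already used element is refused next time.
func (s *Server) Activate(meid string, challenge, tag []byte, presented, nowUnix int64) (string, int64, error) {
	if !VerifyTag(s.Secret, challenge, tag) {
		return "", 0, errors.New("HMAC authentication failed")
	}
	stored, known := s.Expected[meid]
	if !known || stored != presented {
		return "", 0, errors.New("key element verification failed: activation failed")
	}
	next, err := GenerateKeyElement(meid, 6, 0, nowUnix)
	if err != nil {
		return "", 0, err
	}
	s.Expected[meid] = next // the element just presented is consumed
	return s.Config[meid], next, nil
}

func main() {
	srv := &Server{
		Secret:   []byte("constructed-per-device-secret"),
		Expected: map[string]int64{},
		Config:   map[string]string{sampleMEID: "number=10000000000;config=v1"}, // constructed
	}
	// Initial activation: after authentication the server issues the first element.
	first, _ := GenerateKeyElement(sampleMEID, 6, 0, 1492732800)
	srv.Expected[sampleMEID] = first
	challenge := []byte("server-nonce-0001")
	tag := Tag(srv.Secret, challenge) // computed on the device side
	// Repeat activation succeeds once ...
	cfg, next, err := srv.Activate(sampleMEID, challenge, tag, first, 1492819200)
	fmt.Println(cfg, next, err)
	// ... and presenting the same element a second time is refused.
	_, _, err = srv.Activate(sampleMEID, challenge, tag, first, 1492905600)
	fmt.Println(err)
}
```

Two points a practitioner should take from this. First, the server rotates the stored element on every successful verification, so the element is single-use: an intercepted or copied element is refused once the legitimate device has used it. Second, as the page describes the algorithm, the seed is derived from the MEID, which is not secret, and the random number is bounded by the interaction time, so the element itself has limited unpredictability; in this scheme the protection of the element comes from the encrypted transport and the non-erasable storage rather than from the element being hard to guess, which is why a fresh challenge per exchange and a random number from a CSPRNG (as here) rather than the clock are assumed.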
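The transport encryption of this embodiment (key element under a one-time symmetric key, the symmetric key under the device's public key, the device decrypting with its private key before storing), as an added example in Go; it is not code from the patent or the applicant. The page names no algorithms, so the following are assumptions: RSA-OAEP for the public-key step, AES-256-GCM for the symmetric step so that a message altered in transit is rejected rather than decrypted to garbage, an 8-byte big-endian encoding of the key element, and the `Envelope`, `Device`, `SealKeyElement` and `OpenKeyElement` names and the sample value.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// oaepLabel ties the wrapped key to this purpose (constructed constant).
var oaepLabel = []byte("key-element-transport")

// Envelope is what crosses the network: the key element under a one-time
// symmetric key, and that symmetric key under the device's public key.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(devicePub, symKey)
	Nonce      []byte // AES-GCM nonce, fresh for this message
	Ciphertext []byte // AES-GCM(symKey, keyElement), authentication tag appended
}

// SealKeyElement is the server side: generate a symmetric key for this one
// message, encrypt the key element with it, then encrypt the symmetric key
// with the device's public key.
func SealKeyElement(devicePub *rsa.PublicKey, keyElement int64) (*Envelope, error) {
	symKey := make([]byte, 32)
	if _, err := rand.Read(symKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(symKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	plain := make([]byte, 8)
	binary.BigEndian.PutUint64(plain, uint64(keyElement))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, symKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plain, nil)}, nil
}

// Device holds its unique private key and the stored key element; the
// non-erasable region is modelled as a field written only after the incoming
// element has been decrypted and authenticated.
type Device struct {
	priv       *rsa.PrivateKey
	KeyElement int64
}

// NewDevice generates the device key pair; in production it is provisioned at
// manufacture and the private key never leaves the device.
func NewDevice() (*Device, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv}, nil
}

// PublicKey is what the device hands the server for wrapping.
func (d *Device) PublicKey() *rsa.PublicKey { return &d.priv.PublicKey }

// OpenKeyElement is the device side: unwrap the symmetric key with the private
// key, decrypt and authenticate the key element, and only then replace the
// stored element. An envelope for another device, or a tampered one, leaves
// the stored element untouched.
func (d *Device) OpenKeyElement(env *Envelope) error {
	symKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.priv, env.WrappedKey, oaepLabel)
	if err != nil {
		return fmt.Errorf("symmetric key unwrap failed: %w", err)
	}
	block, err := aes.NewCipher(symKey)
	if err != nil {
		return err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return err
	}
	plain, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil || len(plain) != 8 {
		return fmt.Errorf("key element ciphertext rejected")
	}
	d.KeyElement = int64(binary.BigEndian.Uint64(plain))
	return nil
}

func main() {
	dev, err := NewDevice()
	if err != nil {
		panic(err)
	}
	env, err := SealKeyElement(dev.PublicKey(), 9606915) // constructed key element value
	if err != nil {
		panic(err)
	}
	fmt.Println("open:", dev.OpenKeyElement(env), "stored:", dev.KeyElement)
	env.Ciphertext[0] ^= 0x01 // an interceptor alters the message in transit
	fmt.Println("tampered:", dev.OpenKeyElement(env), "stored:", dev.KeyElement)
}
```

The device-to-server direction that the page says is "similar" mirrors this with the server's public key in place of the device's. The claim that an interceptor cannot recover the element rests entirely on the private key being unique to the device and unextractable, so in practice that key belongs in hardware-backed storage; the authenticated mode used here adds the check the page does not mention, that an altered envelope is refused before anything is written to the non-erasable region.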
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit the scope of the invention; any equivalent structural or flow transformation made using the contents of the description and drawings of the present invention, whether applied directly or indirectly in other related technical fields, is likewise included within the scope of protection of the present invention.
Claims (14)
1. An activation method for a device, characterized in that it comprises:
upon activation, the device performs authentication with a server and, after authentication succeeds, obtains a locally stored key element and sends it to the server;
the server verifies the key element and, after verification succeeds, issues relevant information of the device to the device and issues to the device the key element to be carried at the next activation, the relevant information including at least the number of the device and relevant configuration information;
the device writes the received relevant information locally and updates the locally stored key element.
2. The method according to claim 1, characterized in that, before the step in which the device, upon activation, performs authentication with the server and, after authentication succeeds, obtains the locally stored key element and sends it to the server, the method further comprises:
at initial activation, after the device and the server perform authentication and authentication succeeds, the server issues to the device the key element to be carried at the next activation;
the device stores the key element issued by the server.
3. The method according to claim 2, characterized in that the key element is stored in a local non-erasable region.
4. The method according to claim 1, characterized in that the key element is dynamically generated by the server, and the step of the server dynamically generating the key element comprises:
obtaining the MEID of the device, and extracting the first N or last N digits of the mobile equipment identifier (MEID) of the device as a seed, where N is a positive integer;
obtaining a random number from the time range between a preset time point and the current interaction of the device with the server, the preset time point being greater than or equal to 0 and less than the end time of the interaction between the device and the server;
taking the sum of the seed and the random number as the value of the key element.
5. The method according to any one of claims 1 to 4, characterized in that the key element transmitted between the server and the device is encrypted, wherein the step of the server encrypting the key element issued to the device comprises:
when sending the key element to the device, the server generates a symmetric key and encrypts the key element with the symmetric key;
the server encrypts the symmetric key with the public key of the device.
6. The method according to claim 5, characterized in that the step of the device storing the key element issued by the server comprises:
when the device receives the encrypted key element sent by the server, decrypting with the private key of the device the encrypted symmetric key sent with it, obtaining the symmetric key;
decrypting the encrypted key element with the symmetric key, and storing this key element in a local non-erasable region and/or replacing the old key element with the new one.
7. An activation method for a device, characterized in that it comprises:
upon activation, the device performs authentication with a server and, after authentication succeeds, obtains a locally stored key element and sends it to the server;
the device receives relevant information of the device and the key element that the device needs to carry at the next activation, both issued by the server after it has verified the key element and verification has succeeded, the relevant information including at least the number of the device and relevant configuration information;
the device writes the received relevant information locally and updates the locally stored key element.
8. The method according to claim 7, characterized in that, before the step in which the device, upon activation, performs authentication with the server and, after authentication succeeds, obtains the locally stored key element and sends it to the server, the method further comprises:
at initial activation, after the device and the server perform authentication and authentication succeeds, the device receives the key element, issued by the server, to be carried at the next activation;
the device stores the key element issued by the server.
9. The method according to claim 7 or 8, characterized in that the key element transmitted between the server and the device is encrypted, and the step of the device storing the key element issued by the server comprises:
when the device receives the encrypted key element sent by the server, decrypting with the private key of the device the encrypted symmetric key sent with it, obtaining the symmetric key;
decrypting the encrypted key element with the symmetric key, and storing this key element in a local non-erasable region and/or replacing the old key element with the new one.
10. An activation method for a device, characterized in that it comprises:
during activation of the device, a server performs authentication with the device and, after authentication succeeds, receives a key element sent by the device;
the server verifies the key element and, after verification succeeds, issues relevant information of the device to the device and issues to the device the key element to be carried at the next activation, the relevant information including at least the number of the device and relevant configuration information, so that the device writes the received relevant information locally and updates the locally stored key element.
11. The method according to claim 10, characterized in that, before the step in which the server, during activation of the device, performs authentication with the device and, after authentication succeeds, receives the key element sent by the device, the method further comprises:
at initial activation, after the device and the server perform authentication and authentication succeeds, the server issues to the device the key element to be carried at the next activation, for the device to store.
12. The method according to claim 11, characterized in that the key element is dynamically generated by the server, and the step of the server dynamically generating the key element comprises:
obtaining the MEID of the device, and extracting the first N or last N digits of the mobile equipment identifier (MEID) of the device as a seed, where N is a positive integer;
obtaining a random number from the time range between a preset time point and the current interaction of the device with the server, the preset time point being greater than or equal to 0 and less than the end time of the interaction between the device and the server;
taking the sum of the seed and the random number as the value of the key element.
13. The method according to claim 10, 11 or 12, characterized in that the key element transmitted between the server and the device is encrypted, wherein the step of the server encrypting the key element issued to the device comprises:
when sending the key element to the device, the server generates a symmetric key and encrypts the key element with the symmetric key;
the server encrypts the symmetric key with the public key of the device.
14. An activation system for a device, characterized in that it comprises a device and a server, wherein:
the device is configured, upon activation, to perform authentication with the server and, after authentication succeeds, to obtain a locally stored key element and send it to the server;
the server is configured to verify the key element and, after verification succeeds, to issue relevant information of the device to the device and to issue to the device the key element to be carried at the next activation, the relevant information including at least the number of the device and relevant configuration information;
the device is further configured to write the received relevant information locally and to update the locally stored key element.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710270409.9A CN108738011A (en) | 2017-04-21 | 2017-04-21 | Activation method and system for a device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710270409.9A CN108738011A (en) | 2017-04-21 | 2017-04-21 | Activation method and system for a device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108738011A true CN108738011A (en) | 2018-11-02 |
Family
ID=63933812
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710270409.9A Pending CN108738011A (en) | 2017-04-21 | 2017-04-21 | Activation method and system for a device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108738011A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113050995A (en) * | 2021-02-06 | 2021-06-29 | 广州朗国电子科技有限公司 | Screen projection activation information storage method, screen projection equipment and storage medium |
Events: 2017-04-21, application CN201710270409.9A filed in CN (patent/CN108738011A/en), status Pending.
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108768988B (en) | Block chain access control method, block chain access control equipment and computer readable storage medium | |
US11882442B2 (en) | Handset identifier verification | |
CA2744971C (en) | Secure transaction authentication | |
US7640430B2 (en) | System and method for achieving machine authentication without maintaining additional credentials | |
CN1323538C (en) | A dynamic identity certification method and system | |
CN105847247A (en) | Authentication system and working method thereof | |
CN108270571A (en) | Internet of Things identity authorization system and its method based on block chain | |
US20040172536A1 (en) | Method for authentication between a portable telecommunication object and a public access terminal | |
KR20170139093A (en) | A method for a network access device to access a wireless network access point, a network access device, an application server, and a non-volatile computer readable storage medium | |
CN108418691A (en) | Dynamic network identity identifying method based on SGX | |
CN101641976A (en) | An authentication method | |
CN108683510A (en) | A kind of user identity update method of encrypted transmission | |
CN105099690A (en) | OTP and user behavior-based certification and authorization method in mobile cloud computing environment | |
CN105323754B (en) | A kind of distributed method for authenticating based on wildcard | |
CN108024243B (en) | A kind of eSIM is caught in Network Communication method and its system | |
US9398024B2 (en) | System and method for reliably authenticating an appliance | |
CN101990201B (en) | Method, system and device for generating general bootstrapping architecture (GBA) secret key | |
CN107026823A (en) | Applied to the access authentication method and terminal in WLAN WLAN | |
CN108769029A (en) | It is a kind of to application system authentication device, method and system | |
CN110493177A (en) | Based on unsymmetrical key pond to and sequence number quantum communications service station AKA cryptographic key negotiation method and system | |
Khan et al. | Offline OTP based solution for secure internet banking access | |
CN115473655A (en) | Terminal authentication method, device and storage medium for access network | |
CN109587683B (en) | Method and system for preventing short message from being monitored, application program and terminal information database | |
CN110519222A (en) | Outer net access identity authentication method and system based on disposable asymmetric key pair and key card | |
CN109981677A (en) | A kind of credit management method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
2018-11-02 | PB01 | Publication | Application publication date: 20181102 |
| WD01 | Invention patent application deemed withdrawn after publication | |