CN109492378B - Identity verification method based on equipment identification code, server and medium - Google Patents


Info

Publication number: CN109492378B
Authority: CN (China)
Prior art keywords: identification code; information item; preset; target; code generation
Legal status: Active
Application number: CN201811429643.2A
Other languages: Chinese (zh)
Other versions: CN109492378A (en)
Inventor: 李骁
Current Assignee: Ping An Technology Shenzhen Co Ltd
Original Assignee: Ping An Technology Shenzhen Co Ltd
Application filed by: Ping An Technology Shenzhen Co Ltd
Priority to: CN201811429643.2A
Publication of CN109492378A
Application granted
Publication of CN109492378B

Classifications

    • G - PHYSICS
    • G06 - COMPUTING; CALCULATING OR COUNTING
    • G06F - ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 - Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 - Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses an identity verification method based on a device identification code, a server, and a medium, applied in the technical field of security protection. The method comprises the following steps: receiving an identity verification request sent by a terminal device; selecting a target information item from the device information according to a preset identification code generation rule, and generating a first identification code of the terminal device according to the target information item, wherein the identification code generation rule indicates that the target information item is to be processed according to a preset algorithm to obtain an identification code of the terminal device; determining whether the first identification code matches a prestored second identification code of the terminal device; and, when the first identification code matches the second identification code, determining that the identity verification of the terminal device is successful. The application helps improve the reliability of identity verification of terminal devices.

Description

Identity verification method based on equipment identification code, server and medium
Technical Field
The present application relates to the field of security protection technologies, and in particular, to an identity verification method, a server, and a medium based on a device identification code.
Background
In business risk control scenarios, Unique Device Identifier (UDID) technology, which uniquely identifies a mobile device, is a very important cornerstone of risk control. The server can determine the identity of a device according to its UDID and thereby securely manage the operations of the device. Currently, products on the market that generate a UDID generally generate it on the client. For example, the UDID generated by some products is a randomly generated serial code, which is easily tampered with by lawbreakers, and the server cannot verify the validity of such a randomly generated serial code. As a result, the obtained UDID may be unreliable, the server cannot determine the authenticity of the device's identity, and the identity verification of the device is unreliable.
Disclosure of Invention
The embodiment of the application provides an identity verification method based on a device identification code, a server and a medium, which are beneficial to improving the reliability of identity verification of terminal devices.
In a first aspect, an embodiment of the present application provides an authentication method based on a device identifier, including:
receiving an identity verification request sent by a terminal device, wherein the identity verification request comprises device information of the terminal device, and the device information comprises one or more information items among an identifier of the terminal device, a Media Access Control (MAC) address, a Central Processing Unit (CPU) serial number, screen resolution, a main board model, a device brand, a CPU model, a device product name, a manufacturer name, an operating system compilation type, an operating system default setting item, and a sensor number;
selecting a target information item from the device information according to a preset identification code generation rule, and generating a first identification code of the terminal device according to the target information item, wherein the identification code generation rule indicates that the target information item is to be processed according to a preset algorithm to obtain an identification code of the terminal device;
determining whether the first identification code matches a prestored second identification code of the terminal device;
and, when the first identification code matches the second identification code, determining that the identity verification of the terminal device is successful.
Optionally, before receiving the authentication request sent by the terminal device, the method further includes:
setting a priority for each information item;
the selecting a target information item from the device information according to a preset identification code generation rule, and generating a first identification code of the terminal device according to the target information item, includes:
determining, according to the priorities of the information items included in the device information, the information item with the highest priority among them, and determining the identification code generation rule corresponding to that information item from a preset identification code generation rule set, wherein the identification code generation rule set comprises a plurality of identification code generation rules, and different identification code generation rules indicate that different information items are to be processed according to a preset algorithm to obtain the identification code of the terminal device;
and selecting a target information item from the device information according to the determined identification code generation rule, and generating a first identification code of the terminal device according to the target information item.
Optionally, the device information includes an identifier of the terminal device; the selecting a target information item from the device information according to a preset identification code generation rule, and generating a first identification code of the terminal device according to the target information item, includes:
determining, according to a preset correspondence between terminal device identifiers and identification code generation rules, the identification code generation rule corresponding to the identifier of the terminal device from a preset identification code generation rule set, wherein the identification code generation rule set comprises a plurality of identification code generation rules, and each identification code generation rule corresponds to one or more terminal device identifiers;
and selecting a target information item from the device information according to the determined identification code generation rule, and generating a first identification code of the terminal device according to the target information item.
Optionally, the selecting a target information item from the device information according to a preset identification code generation rule, and generating a first identification code of the terminal device according to the target information item, includes:
detecting the system time and determining the time period in which the system time falls;
determining, according to a preset correspondence between time periods and identification code generation rules, the identification code generation rule corresponding to the time period in which the system time falls from a preset identification code generation rule set, wherein the identification code generation rule set comprises a plurality of identification code generation rules, and each identification code generation rule corresponds to one or more time periods in which it is used;
and selecting a target information item from the device information according to the determined identification code generation rule, and generating a first identification code of the terminal device according to the target information item.
Optionally, the generating the first identification code of the terminal device according to the target information item includes:
processing the target information item according to a preset hash algorithm to obtain a target hash value corresponding to the target information item;
processing the target hash value according to a preset processing rule to obtain a processed target hash value, and taking the processed target hash value as the first identification code of the terminal device;
wherein the preset processing rule includes replacing the value at a preset position in the target hash value with a preset value, extracting the first M values of the target hash value, extracting the last N values of the target hash value, or appending one or more preset values to the end of the target hash value so that its length reaches a preset length, where M and N are integers greater than or equal to 1.
Optionally, before generating the first identification code of the terminal device according to the target information item, the method further includes:
determining, according to a preset correspondence between verification algorithms and information items, a target verification algorithm corresponding to the target information item from a preset verification algorithm set;
verifying the target information item using the target verification algorithm to determine whether the target information item has been tampered with;
and triggering the step of generating the first identification code of the terminal device according to the target information item when it is determined that the target information item has not been tampered with.
Optionally, the determining whether the first identification code matches a prestored second identification code of the terminal device includes:
acquiring a prestored identification list of the terminal device, wherein the identification list comprises one or more second identification codes, and each second identification code is generated according to different information items;
determining whether the first identification code matches a second identification code in the identification list of the terminal device;
and, when the first identification code matches any one of the second identification codes in the identification list, determining that the first identification code matches the second identification code of the terminal device.
In a second aspect, an embodiment of the present application provides a server comprising means for performing the method of the first aspect described above.
In a third aspect, an embodiment of the present application provides another server, including a processor, a communication interface, and a memory, where the processor, the communication interface, and the memory are connected to each other, where the memory is configured to store a computer program supporting the server to perform the method described above, and the computer program includes program instructions, and the processor is configured to invoke the program instructions to perform the method of the first aspect described above. Optionally, the server may further comprise a user interface.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium storing a computer program comprising program instructions which, when executed by a processor, cause the processor to perform the method of the first aspect described above.
In the embodiments of the application, the server obtains the device information of the terminal device, selects the target information item from the device information according to the preset identification code generation rule, and generates the first identification code of the terminal device according to the target information item. When the first identification code is determined to match the prestored second identification code of the terminal device, the identity verification of the terminal device is determined to be successful. Because the identification code is no longer generated by the terminal device, this helps determine the authenticity of the terminal device's identity and improves the reliability of its identity verification.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of an authentication method based on a device identification code according to an embodiment of the present application;
Fig. 2 is a schematic flow chart of another authentication method based on a device identification code according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a server according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of another server according to an embodiment of the present application.
Detailed Description
The following description of the technical solutions according to the embodiments of the present application will be given with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The technical scheme of the application can be applied to the server and is used for verifying the identity of the terminal equipment. The terminal device related to the application can be a mobile phone, a tablet personal computer, a personal computer and the like, and the application is not limited.
In some risk control scenarios, when the identity of a terminal device is verified, the application obtains the device information of the terminal device, processes the device information according to a preset identification code generation rule to generate a first identification code of the terminal device, and determines that the identity verification of the terminal device is successful when the first identification code is determined to match a prestored second identification code of the terminal device. Compared with the prior art, in which the terminal device (client) generates the identification code and sends it to the server for matching verification, here the server generates the identification code according to the acquired device information and the identification code generation rule. This avoids the problem that the device identification code is tampered with by lawbreakers and the acquired identification code is unreliable, which helps determine the authenticity of the terminal device's identity and improves the reliability of its identity verification. The details are described below.
In the present application, identification codes such as the first identification code and the second identification code may also be called by other names, such as identification or identifier (for example, UDID), and the present application is not limited in this respect.
Referring to fig. 1, fig. 1 is a flow chart of an authentication method based on a device identification code according to an embodiment of the present application. Specifically, the method of the embodiment may be applied to the server described above. As shown in fig. 1, the device identification code-based authentication method may include the steps of:
101. Receiving an authentication request sent by the terminal device, wherein the authentication request comprises device information of the terminal device.
The device information may include one or more information items such as an identifier of the terminal device, a Media Access Control (MAC) address, a CPU serial number, a screen resolution, a motherboard model, a device brand, a CPU model, a device product name, a manufacturer name, an operating system compilation type, an operating system default setting item, a sensor number, and the like.
Optionally, the terminal device may be any terminal that needs identity verification, for example a terminal device that sends a service request, a terminal device connected to a risk identification product, a terminal device in a specific risk control scenario, or a terminal device that triggers an identity verification instruction (for example, through a preset key, a gesture, or another preset triggering means); the application is not limited in this respect. The specific risk control scenario may include a login scenario, a transaction scenario, and/or an APP offer domain scenario, among others. Further optionally, the authentication request may be a request initiated in a specific risk control scenario, such as a login request or a transaction request. Further optionally, in other embodiments, the device information may be sent by the terminal device in response to an information request that the server sends to the terminal device after receiving the terminal device's authentication request.
102. Selecting a target information item from the device information according to a preset identification code generation rule, and generating a first identification code of the terminal device according to the target information item.
The identification code generation rule indicates that the target information item is to be processed according to a preset algorithm to obtain the identification code of the terminal device. There may be one or more preset identification code generation rules. Optionally, the identification code generation rules corresponding to different terminal devices may be the same or different; and/or the target information items corresponding to different identification code generation rules may be the same or different; and/or the preset algorithms adopted by different identification code generation rules may be the same or different. Here, saying that the acquired device information is the same means that the acquired information items are the same; the values corresponding to those information items may differ. For example, an information item may be the identifier of the terminal device, the CPU model, and so on, and the value corresponding to the information item may be a specific identifier, a specific CPU model, and so on.
It is understood that the target information item may be a part of the acquired device information of the terminal device rather than all of its information items. For example, the target information item may be an identifier of the terminal device, such as the International Mobile Equipment Identity (IMEI) (or an Android ID or other identifier), and the preset identification code generation rule may refer to selecting the IMEI from the device information and generating the first identification code according to the IMEI, for example by processing the IMEI according to a preset first algorithm to obtain the first identification code. As another example, the target information item may be the MAC address of the terminal device, and the preset identification code generation rule may refer to selecting the MAC address from the device information and generating the first identification code according to the MAC address, for example by processing the MAC address according to a preset second algorithm to obtain the first identification code. As a further example, the target information item may be several specific information items, and the preset identification code generation rule may refer to selecting those specific information items from the device information and generating the first identification code according to them, for example by processing them according to a preset third algorithm to obtain the first identification code, and so on. The first algorithm, the second algorithm and/or the third algorithm may be the same or different.
Optionally, when the server generates the first identification code of the terminal device according to the target information item, that is, processes the target information item according to a preset algorithm to obtain the first identification code of the terminal device, the server may process the target information item according to a preset hash algorithm (or another algorithm) to obtain a target hash value corresponding to the target information item, and use the target hash value as the first identification code of the terminal device. Alternatively, after the target hash value is obtained, it may be further processed according to a preset processing rule to obtain a processed target hash value, and the processed target hash value is used as the first identification code of the terminal device. Further optionally, the preset processing rule may include replacing the value at a preset position in the target hash value with a preset value, extracting the first M values of the target hash value, extracting the last N values of the target hash value, or appending one or more preset values to the end of the target hash value (the preset value may be the same as or different from the preset value corresponding to the preset position) so that the length of the target hash value reaches a preset length, and so on, where M and N are integers greater than or equal to 1. Correspondingly, the first identification code is the target hash value with the value at the preset position replaced by the preset value, the first M values of the target hash value, the last N values of the target hash value, or a value of the preset length obtained by appending one or more preset values to the end of the target hash value, and so on.
Alternatively, when the server generates the first identification code of the terminal device according to the target information item, that is, processes the target information item according to a preset algorithm to obtain the first identification code of the terminal device, the preset algorithm may be to extract the first E bits of the target information item as the first identification code; or to extract the last F bits of the target information item as the first identification code; or to extract the first C bits of each target information item, concatenate the extracted values in order of the priority of each target information item from high to low, and use the concatenated value as the first identification code; and so on, which are not listed exhaustively here. E, F and C are integers greater than or equal to 1.
It will be appreciated that saying the preset algorithms adopted by different identification code generation rules may be the same or different may mean that the hash algorithm (or other algorithm) adopted by different identification code generation rules may be the same or different, and/or that the processing rules adopted by different identification code generation rules may be the same or different. For example, when the first algorithm, the second algorithm, and/or the third algorithm are different, the hash algorithm adopted may be different, the processing rule applied to the hash value produced by the hash algorithm may be different, or both may be different. This may be preset and is not limited by the present application.
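The hash-then-process generation described for step 102, as an added Python example that is not code from the patent. SHA-256 as the "preset hash algorithm", hex digits as the "values" of the hash, the rule names, and the sample device values are all assumptions constructed for illustration.

```python
import hashlib
import json

def target_hash(target_items):
    """Hash the selected target information items (assumed: SHA-256, hex output).

    Keys are serialised in sorted order so the order in which the terminal
    device lists its information items cannot change the identification code.
    """
    canonical = json.dumps(target_items, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def replace_at(h, positions, preset):
    """Replace the value at each preset position with a preset value."""
    if len(preset) != 1:
        raise ValueError("preset value must be a single character")
    chars = list(h)
    for pos in positions:
        if not 0 <= pos < len(chars):
            raise ValueError(f"position {pos} is outside the hash value")
        chars[pos] = preset
    return "".join(chars)

def first_m(h, m):
    """Extract the first M values (M >= 1)."""
    if m < 1:
        raise ValueError("M must be >= 1")
    return h[:m]

def last_n(h, n):
    """Extract the last N values (N >= 1)."""
    if n < 1:
        raise ValueError("N must be >= 1")
    return h[-n:]

def pad_to(h, length, preset):
    """Append preset values to the end until the preset length is reached."""
    if len(preset) != 1:
        raise ValueError("preset value must be a single character")
    if length < len(h):
        raise ValueError("preset length is shorter than the hash value")
    return h + preset * (length - len(h))

PROCESSING_RULES = {"replace_at": replace_at, "first_m": first_m,
                    "last_n": last_n, "pad_to": pad_to}

def generate_code(target_items, rule=None):
    """Generate an identification code; rule is None or (name, *args)."""
    h = target_hash(target_items)
    if rule is None:
        return h                      # the raw hash is itself a valid code
    name, *args = rule
    return PROCESSING_RULES[name](h, *args)

def surviving_bits(rule, hex_len=64):
    """Bits of the hash that still distinguish devices after the rule.

    Each hex digit carries 4 bits. Truncation and replacement discard
    digits; padding with a fixed value adds length but no information.
    """
    if rule is None or rule[0] == "pad_to":
        return 4 * hex_len
    if rule[0] in ("first_m", "last_n"):
        return 4 * min(rule[1], hex_len)
    if rule[0] == "replace_at":
        return 4 * (hex_len - len(set(rule[1])))
    raise ValueError(f"unknown rule {rule[0]!r}")

if __name__ == "__main__":
    # Constructed sample values, not real device data.
    items = {"imei": "490154203237518", "mac": "02:00:00:aa:bb:cc"}
    for rule in (None, ("first_m", 16), ("last_n", 8),
                 ("replace_at", (0, 63), "0"), ("pad_to", 72, "0")):
        print(rule, generate_code(items, rule), surviving_bits(rule))
```

A rule such as `("first_m", 16)` leaves 64 bits of the hash, so the choice of M or N directly bounds how many devices can be told apart before identification codes start to collide.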
103. Determining whether the first identification code matches a prestored second identification code of the terminal device.
The second identification code may be an identification code of the terminal device stored in advance by the server. Specifically, the server may acquire the device information of the terminal device, determine the identification code generation rule of the terminal device according to the acquired device information, and generate the identification code of the terminal device, that is, the second identification code, according to that identification code generation rule. The server may store the second identification code of the terminal device, for example in association with the device information of the terminal device (which may be all of the acquired device information or part of it, that is, one or more information items included in the device information, such as the identifier of the terminal device), so that the terminal device can subsequently be authenticated according to the second identification code. It can be understood that the server generates the second identification code in the same manner as the first identification code; see the description of the generation of the first identification code, which is not repeated here.
Optionally, the server may also store the second identification code of the terminal device, the device information (which may be all of the acquired device information or part of it, that is, one or more information items included in the device information, such as the identifier of the terminal device), and the identification code generation rule in association, so that the identification code generation rule and the second identification code corresponding to the terminal device can be determined quickly during identity verification. That is, the server may store all of the collected device information of the terminal device, the identification code generation rule, and the second identification code in association; or it may store one or more information items of the device information, the identification code generation rule, and the second identification code in association, so as to reduce the storage cost. When the terminal device subsequently initiates an identity verification request, the server can generate the identification code again, that is, the first identification code, according to the uploaded device information, and compare it with the stored second identification code to verify the identity of the terminal device.
For example, in one possible implementation, the target information items corresponding to different identification code generation rules may be different. Optionally, before receiving the authentication request sent by the terminal device, priorities may be set for the information items, and the server may set a correspondence between the identification code generation rules and the priorities of the information items and preset an identification code generation rule set comprising those identification code generation rules. The server may then select the target information item and generate the second identification code according to the identification code generation rule corresponding to the information item with the highest priority in the acquired device information of the terminal device (or it may determine the identification code generation rule corresponding to the information item of each priority, so as to select target information items and generate a plurality of second identification codes respectively), to facilitate the comparison of identification codes during subsequent authentication.
Further, when generating the first identification code of the terminal device, the server may determine, according to the priorities of the information items included in the device information, the information item with the highest priority among them, and determine the identification code generation rule corresponding to that information item from the preset identification code generation rule set, where the identification code generation rule set includes a plurality of identification code generation rules, and different identification code generation rules indicate that different (partially different or completely different) information items are to be processed according to a preset algorithm to obtain the identification code of the terminal device. The server can then select from the device information, according to the determined identification code generation rule, the information item corresponding to that rule (such as the information item with the highest priority) as the target information item, and generate the first identification code of the terminal device according to the target information item. That is, the server may determine the target information item used to generate the first identification code according to the priorities of the acquired information items, to guard against the information items included in the acquired device information differing each time, thereby improving the flexibility of identification code generation and further improving the reliability of identity verification.
For example, it is assumed that the priority of the identity of the terminal device such as IMEI, MAC address, and other information item is preset, and it is assumed that the priority of IMEI is higher than the priority of MAC address, which is higher than the priority of the other information item (the priority of each information item of the other information item is the same). If the acquired equipment information comprises the IMEI, that is, the IMEI is acquired, a first identification code such as a first UDID can be generated according to the IMEI; if the IMEI is not acquired, a first UDID can be generated according to the acquired MAC address; if the IMEI and the MAC address are not obtained, the first UDID may also be generated by using the other information items, for example, a hash value corresponding to the other information items is generated by using a hash algorithm, and the hash value is used as the first UDID, or the hash value is processed and then used as the first UDID, so as to perform matching comparison with a second identification code of the terminal device, such as the second UDID, which is stored in advance, so as to realize identity verification.
As another example, in one possible implementation, before the receiving the authentication request sent by the terminal device, the priority may also be set for each information item separately. The server can set the identification code generation rules according to the priority of each information item, namely, an identification code generation rule set comprising the plurality of identification code generation rules is preset; the setting may obtain the information item corresponding to the identification code generation rule (i.e., the information item selected according to the identification code generation rule, that is, the information item processed by the preset algorithm) may be the information item of the priority corresponding to the identification code generation rule (for example, all the information items under the priority included in the equipment information), or may be other information items, which may be specifically preset, and the application is not limited thereto. The server may further select the target information item and generate the second identification code according to the identification code generation rule corresponding to the highest priority among the priorities of the information items included in the acquired device information of the terminal device (or may determine the identification code generation rule corresponding to each priority respectively to select the target information item and generate a plurality of second identification codes respectively), so as to facilitate comparison of identification codes during subsequent authentication. 
Further, when the server generates the first identification code of the terminal device, the server may determine, according to the priorities of the information items included in the device information, a highest priority among the priorities of the information items included in the device information, and determine an identification code generation rule corresponding to the highest priority from a preset identification code generation rule set, where the identification code generation rule set includes a plurality of identification code generation rules, and different identification code generation rules may be used to instruct processing different information items according to a preset algorithm to obtain an identification code of the terminal device; and selecting a target information item from the equipment information according to the determined identification code generation rule, and generating a first identification code of the terminal equipment according to the target information item. That is, the server may determine the target information item for generating the first identification code according to the priority of each acquired information item, so as to prevent the information items included in the acquired device information from being different each time, improve flexibility of generating the identification code, and further improve reliability of identity verification. 
For example, assume that the priority of the identifier such as IMEI, MAC address and other information items of the terminal device is preset, and assume that the priority of IMEI is one level and the corresponding identification code generation rule is rule 1; the priority of the MAC address is two-level, and the corresponding identification code generation rule is rule 2; the priority of the other information items is three-level (the priority of each information item of the other information items is the same), the corresponding identification code generation rule is rule 3, and the first level is higher than the second level and higher than the third level. If the acquired equipment information comprises the IMEI, the MAC address and other information items, the highest priority is one level, the target information item can be selected according to the identification code generation rule corresponding to the one level and the identification code generation rule 1, and a first identification code such as a first UDID is generated, for example, a hash value corresponding to the target information item such as the IMEI is generated by using a hash algorithm, the hash value is used as the first UDID, or the hash value is processed and then used as the first UDID, and the like, so that the matching comparison is conveniently carried out between the first identification code and a second identification code such as a second UDID of the terminal equipment, which is stored in advance, so that the identity verification is realized.
For another example, in one possible implementation manner, the server may store in advance a correspondence between each terminal device identifier and an identifier generating rule, that is, preset to obtain an identifier generating rule set including the identifier generating rule corresponding to each terminal device identifier. Further, the obtained device information may include an identifier of the terminal device, and when the server generates the first identifier of the terminal device, the server may determine, according to a correspondence between a preset identifier of the terminal device and an identifier generation rule, an identifier generation rule corresponding to the identifier of the terminal device from a preset identifier generation rule set, where the identifier generation rule set includes multiple identifier generation rules, and each identifier generation rule may correspond to one or more identifiers of the terminal device; and then the target information item can be selected from the equipment information according to the determined identification code generation rule, and the first identification code of the terminal equipment can be generated according to the target information item. That is, the server may determine the identification code generation rule according to the obtained identifier of the terminal device, and further select the target information item according to the identification code generation rule and generate the first identification code, which improves flexibility of identification code generation and further improves reliability of identity verification.
For another example, in one possible implementation manner, the server may store the correspondence between the plurality of time periods and the identification code generation rule in advance, that is, preset to obtain the identification code generation rule set including the identification code generation rule corresponding to the plurality of time periods. Further, the server can detect the system time and determine the time period of the system time when generating the first identification code of the terminal equipment; determining an identification code generation rule corresponding to the time period of the system time from a preset identification code generation rule set according to the corresponding relation between the preset time period and the identification code generation rule, wherein the identification code generation rule set comprises a plurality of identification code generation rules, and each identification code generation rule can correspond to one or a plurality of used time periods; and selecting a target information item from the equipment information according to the determined identification code generation rule, and generating a first identification code of the terminal equipment according to the target information item. That is, the server may determine the identification code generation rule according to the detected current time period, and further select the target information item according to the identification code generation rule and generate the first identification code, which improves flexibility of identification code generation and further improves reliability of identity verification.
Optionally, one terminal device may correspond to one or more second identification codes. Each second identification code may be generated according to a different information item of the device information of the terminal device, or according to a different identification code generation rule corresponding to the terminal device. The server may store in advance the one or more second identification codes corresponding to each terminal device, for example as an identification list that contains the one or more second identification codes corresponding to that terminal device. Further, when judging whether the first identification code matches the second identification code, the server acquires the pre-stored identification list of the terminal device, where the identification list includes at least one second identification code and each second identification code can be generated according to different information items, and judges whether the first identification code matches a second identification code in the identification list. When the first identification code matches any one of the second identification codes in the identification list, it is determined that the first identification code matches the second identification code of the terminal device. Further optionally, the server may also store in advance a correspondence between device information, such as the identifier of the terminal device, and the second identification code, so that during authentication the server can use the identifier of the terminal device as an index to look up the corresponding second identification code for matching.
Further optionally, the server may further store device information of the terminal device, and further when performing identity verification, may match the obtained device information of the terminal device with the stored device information of the terminal device, match a first identification code obtained based on the device information with a stored second identification code of the terminal device, and determine that the identity verification of the terminal device is successful when both the device information and the identification code are identical.
104. When the judgment result is that the first identification code matches the second identification code, determine that the authentication of the terminal device is successful.
If the first identification code is matched with the second identification code, the identification code of the terminal equipment such as UDID is not tampered, the identity of the terminal equipment can be determined to be legal, and the identity verification of the terminal equipment is successful; otherwise, if the first identification code is not matched with the second identification code, the fact that the terminal identification code such as UDID is tampered can be indicated, the identity of the terminal equipment can be determined to be illegal, and the identity verification of the terminal equipment fails.
Further optionally, after determining the authentication result of the terminal device, the operation of the terminal device may be managed according to the identity of the terminal device, for example, after the authentication of the terminal device is successful, the subsequent operation may be allowed; or after the authentication of the terminal device fails, the subsequent operation can be prevented.
In this embodiment, the server may be configured to obtain the device information of the terminal device, and select the target information item from the device information according to a preset identifier generating rule, so as to generate the first identifier of the terminal device according to the target information item, and further determine that the authentication of the terminal device is successful when it is determined that the first identifier is matched with the second identifier of the terminal device stored in advance, which is helpful to determine the authenticity of the identity of the terminal device, and promote the reliability of the authentication of the terminal device.
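The priority-based rule selection and identification-list matching described in this embodiment can be sketched as follows; this is an added example, not code from the patent. The item names, the rule contents and the use of SHA-256 as the "preset algorithm" are assumptions, and the device values are constructed.

```python
import hashlib
import hmac

# Constructed rule set. Level 1 is the highest priority, mirroring the
# IMEI > MAC address > other-items ordering in the text above.
RULE_SET = {
    1: ("rule 1", ("imei",)),
    2: ("rule 2", ("mac",)),
    3: ("rule 3", ("model", "cpu_vendor", "screen_resolution")),
}


def _normalize(name, value):
    """Canonicalize a value so formatting differences do not change the hash."""
    text = str(value).strip()
    if name == "mac":
        text = text.replace("-", ":").lower()
    return text


def applicable_rules(device_info):
    """Yield (rule_name, target_items) in priority order for every rule whose
    information items are all present in the reported device information."""
    for level in sorted(RULE_SET):
        rule_name, item_names = RULE_SET[level]
        if all(device_info.get(name) for name in item_names):
            yield rule_name, {n: _normalize(n, device_info[n]) for n in item_names}


def generate_code(rule_name, target_items):
    """Preset algorithm assumed for this example: SHA-256 over the rule name
    and the sorted name=value pairs of the target information items."""
    pairs = "|".join(f"{k}={target_items[k]}" for k in sorted(target_items))
    return hashlib.sha256(f"{rule_name}|{pairs}".encode("utf-8")).hexdigest()


def enroll(device_info):
    """Build the identification list: one second identification code per
    rule that can be evaluated on the enrollment-time device information."""
    return [generate_code(rule, items) for rule, items in applicable_rules(device_info)]


def verify(device_info, identification_list):
    """Generate the first identification code with the highest-priority rule
    only, then match it against every stored second identification code."""
    best = next(applicable_rules(device_info), None)
    if best is None:
        return False  # nothing usable was reported
    first_code = generate_code(*best)
    # Compare against every entry in constant time per comparison.
    matches = [hmac.compare_digest(first_code, code) for code in identification_list]
    return any(matches)


# Constructed sample device information.
ENROLLED = {
    "imei": "490154203237518",
    "mac": "02-00-5E-12-34-56",
    "model": "ExampleBrand X1",
    "cpu_vendor": "ExampleSoC",
    "screen_resolution": "1080x2340",
}
IDENTIFICATION_LIST = enroll(ENROLLED)
```

Because only the highest-priority rule that applies is used at verification time, a request carrying a changed IMEI fails even when its MAC address is still the enrolled one.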
Referring to fig. 2, fig. 2 is a flowchart of another authentication method based on a device identifier according to an embodiment of the present application. Specifically, as shown in fig. 2, the authentication method based on the device identification code may include the following steps:
201. Receive an authentication request sent by the terminal device, where the authentication request includes device information of the terminal device.
When performing identity verification based on the device identification code, the server may obtain multiple pieces of low-level device information of the current terminal, for example by receiving the device information carried by the terminal device in the authentication request (in other embodiments, the server may also obtain the device information corresponding to the preset identification code generation rule, and so on). Optionally, the device information may include any one or more of: router information of the connected Wi-Fi hotspot (including a router name (or Wi-Fi name) such as the Wi-Fi Service Set Identifier (SSID), a router MAC address (or Wi-Fi MAC address) such as the Wi-Fi Basic Service Set Identifier (BSSID), etc.), model (model and/or brand), CPU manufacturer information, Bluetooth information, sensor information, user usage trace information such as memory space values, network type used, Android state (also referred to as running state, e.g. whether the device is in the root state), system file exception information (whether system files with a preset path and name exist), number of applications installed, number of files stored, package name of the accessing App, version number of the SDK, operating system type, operating system version, device unique identification code (UDID), whether the device has been jailbroken (e.g. 1 represents jailbroken, 0 represents not jailbroken), latitude and longitude information, network type, whether a designated App is installed (e.g. 1 represents installed, 0 represents not installed), whether an ali number is installed, whether a v8 plug-in is installed, current timestamp (e.g. with millisecond precision), advertisement identifier, vendor identifier, device model number, hostname, CPU core number, CPU type, CPU subtype, screen resolution, total memory space, memory space left, time zone, language, power, battery status, carrier name, national ISO, start time, keyboard list, whether the did has been erased or tampered with, the did stored in localfile, whether a GPS switch is on (e.g. 0 for off, 1 for on), GPS grant status, APP loaded dynamic link library list, etc.
202. Select target information items from the device information according to a preset identification code generation rule.
The identification code generation rule can be used for indicating that the target information item is processed according to a preset algorithm so as to obtain the identification code of the terminal equipment.
Optionally, the target information items may be fixedly set, that is, the target information items corresponding to each identification code generation rule may be the same; or alternatively, the target information items corresponding to the respective identification code generation rules may be different.
Specifically, other descriptions of steps 201-202 may refer to the related descriptions of the embodiment shown in fig. 1 and are not repeated herein.
203. Determine, from a preset verification algorithm set, a target verification algorithm corresponding to the target information item according to the preset correspondence between verification algorithms and information items.
The verification algorithm set includes one or more verification algorithms, such as the Luhn algorithm, an MEID verification algorithm, a MAC address field verification algorithm, a length verification algorithm, a character verification algorithm, a flag verification algorithm, and the like. Specifically, the correspondence between verification algorithms and information items can be preset, so that the target information item can be verified with the verification algorithm corresponding to it, namely the target verification algorithm. Optionally, the target information item may correspond to one or more target verification algorithms.
204. The target information item is verified using the target verification algorithm to determine whether the target information item has been tampered with.
Before the first identification code is generated, the target information item can be checked for tampering, which further improves the reliability of the identity verification of the terminal device. For example, when the target information item is an MEID, whether the IMEI is legal can be verified based on the Luhn algorithm and the MEID verification algorithm (i.e. the target verification algorithms are the Luhn algorithm and the MEID verification algorithm), so that whether the IMEI has been tampered with is checked from multiple angles. For another example, when the target information item is a MAC address, it can be checked with the MAC address field verification algorithm, that is, by detecting whether the acquired MAC address belongs to the address field allocated to the model and brand of the terminal device (the correspondence between the model and brand of the terminal device and the MAC address field may be preset). For another example, when the target information item is an Android ID, it can be checked with the length verification algorithm and the character verification algorithm, that is, by detecting whether the Android ID has the preset fixed length and whether it contains other characters (a correct Android ID generally has a fixed length and consists of the characters 0-9 and a-f).
As another example, the device information may be tampered with by Xposed plug-ins. Thus, for any target information item, whether it has been tampered with can be checked based on the flag verification algorithm. Specifically, the server may obtain the flag value of the target function corresponding to the target information item, and determine from the flag value whether the target function has been hooked. Optionally, when it is determined that the target function has been hooked, this may indicate that the target information item has been tampered with, and it may then be determined that the authentication of the terminal device fails. Or, when the target function is determined to have been hooked, the target function pointer corresponding to the target function can be obtained from the memory of the target function; according to the pre-stored correspondence between function pointers and functions, the original function corresponding to the target function pointer is determined. For example, the target function can be replaced by the original function, so that the hooked function is restored, and the original target information item can be determined according to the original function. The first identification code of the terminal device can then be generated according to the original target information item, so that the terminal device is authenticated according to the original target information item, that is, authentication based on the device identification code is performed on the real device information.
The flag value may be used to mark the state of the target function, where the state may refer to whether the target function has been tampered with, or to a read-write state, a blocking or non-blocking state, a state of exiting a process or a program, and/or a state of changing the content of a file, so that whether the target function has been hooked can be determined from the flag value. It will be appreciated that each function has a corresponding flag, which is a variable that changes when the function is tampered with. Thus, by detecting whether the flag of a function has changed, the server can determine whether the function has been hooked, that is, whether the device information corresponding to the function has been tampered with. The value of the flag may be stored in the memory corresponding to the target function. The function pointer and the hooked function are stored in different fields of the same memory, and mapping relations exist between the different function pointers and the original functions, or between the different function pointers and the storage addresses of the original functions. The original function pointer stored in the memory is not tampered with: according to the working principle of Xposed plug-ins, before the target function is tampered with, the original information of the function is backed up and stored at a specific address in memory, namely the address pointed to by the target function pointer, and once this backup information is tampered with, the Xposed plug-in will not work properly. Thus, the original function obtained at the specific address pointed to by the target function pointer must be the correct, untampered function.
In one possible implementation, when determining from the flag value whether the target function has been hooked, the server may compare the character at a preset position in the flag value with a preset fixed character; when the comparison shows that the character at the preset position differs from the fixed character, the target function is determined to have been hooked. The number of characters at the preset position is the same as the number of fixed characters, which facilitates the comparison. That is, a change of the flag may refer to a change of one or more bits of the flag value, and the one or more bits may be the bits at a preset position of the flag. Thus, the server may compare the one or more bits at the preset position of the obtained flag value with the fixed character of the untampered state; if those bits have changed, that is, they differ from the fixed character, this indicates that the target function has been tampered with, that is, the device information corresponding to the target function has been tampered with. For example, on a system with an Android version above 4.4 and below 5.0, when some Xposed plug-ins hook a function, 1 bit at a fixed position of the flag value of the function is set to 1, while for a normal, untampered function that bit of the flag value is 0 (i.e. the fixed character described above). Thus, by detecting whether the fixed bit of the flag value of a function is 0, it can be known whether the function has been hooked by an Xposed plug-in. That is, if the fixed bit of the flag value of the function under test is not 0, this indicates that the function has been hooked and tampered with.
In one possible implementation, when determining from the flag value whether the target function has been hooked, the server may also perform a logic operation on the flag value according to a preset logic algorithm to obtain an operation result value; when the operation result value is a positive integer, the target function is determined to have been hooked. The logic algorithm may be determined according to a preset character string and the jump address used when a native function in the system is executed. That is, the value obtained by processing the flag with the preset logic algorithm may also be compared with the fixed character of the untampered state, such as 0; if the processed value has changed, i.e. is not 0 but, for example, some positive integer, this indicates that the function has been hooked. For example, on a system with Android version 5.0 or above, if the result of a logic algorithm such as the logic formula EntryPointFromJni & ACCESSFLAGS & 0x10000000 is a positive integer, it may indicate that the function has been tampered with; if the result is 0 (i.e. the fixed character), it may indicate that the function has not been tampered with. Here, EntryPointFromJni may refer to the jump address used when a native function is executed, and ACCESSFLAGS is the flag.
Optionally, before determining from the flag value whether the target function has been hooked, the server may also determine the system version currently used by the terminal device, and select, according to that system version, the way in which the flag value is used to determine whether the target function has been hooked (the hook detection mode below), so as to improve the efficiency of hook detection. The correspondence between system versions and hook detection modes can be preset. Alternatively, based on the model of the terminal device, the proportions of the hook modes historically used on terminal devices of the same model can be determined, and the hook mode with the highest proportion, that is, the most used hook mode, is taken as the hook mode of the terminal device; further options are not listed here.
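A preset correspondence between information items and verification algorithms, with the Luhn, MAC address field, length and character checks implemented, might look like this; it is an added example, not code from the patent. The MAC address field table, the 16-character Android ID length and all sample values are constructed assumptions, and the MEID verification algorithm is left out because the text does not describe it.

```python
import re

# Constructed preset: (brand, model) -> MAC address fields (first three octets)
# assumed to be allocated to that model. A deployment would load its own table.
MAC_FIELDS = {
    ("examplebrand", "x1"): {"02:00:5e", "02:00:5f"},
}
ANDROID_ID_LENGTH = 16  # preset fixed length assumed for this example


def luhn_check(value, device_info):
    """IMEI: 15 decimal digits whose Luhn sum is a multiple of 10."""
    if not re.fullmatch(r"[0-9]{15}", value):
        return False
    total = 0
    for position, char in enumerate(reversed(value)):
        digit = int(char)
        if position % 2 == 1:      # every second digit from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def mac_field_check(value, device_info):
    """MAC address: well formed and inside a field preset for brand/model.
    An unknown brand/model has no preset field, so the check fails closed."""
    mac = value.replace("-", ":").lower()
    if not re.fullmatch(r"([0-9a-f]{2}:){5}[0-9a-f]{2}", mac):
        return False
    key = (device_info.get("brand", "").lower(), device_info.get("model", "").lower())
    return mac[:8] in MAC_FIELDS.get(key, set())


def length_check(value, device_info):
    """Android ID: must have the preset fixed length."""
    return len(value) == ANDROID_ID_LENGTH


def character_check(value, device_info):
    """Android ID: only the characters 0-9 and a-f are accepted."""
    return re.fullmatch(r"[0-9a-f]+", value) is not None


# Preset correspondence between information items and verification algorithms.
VERIFICATION_SET = {
    "imei": [luhn_check],
    "mac": [mac_field_check],
    "android_id": [length_check, character_check],
}


def verify_target_items(target_items, device_info):
    """Run every target verification algorithm on every target information item.
    Returns {item name: [names of failed algorithms]}; an empty dict means that
    no check failed. Items with no preset algorithm are not checked."""
    failures = {}
    for name, value in target_items.items():
        failed = [check.__name__ for check in VERIFICATION_SET.get(name, [])
                  if not check(str(value), device_info)]
        if failed:
            failures[name] = failed
    return failures
```

Returning the names of the failed algorithms, rather than a single boolean, lets the server record which information item was rejected and why.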
205. When it is determined that the target information item has not been tampered with, a first identification code of the terminal device is generated from the target information item.
That is, before generating the first identification code according to the target information item, the server can detect whether the function corresponding to the device information has been tampered with, that is, whether the value of the flag in the function's memory has changed. When tampering is detected, the server can determine that the authentication of the terminal device fails, which improves the efficiency of authentication; or it can obtain the real device information, that is, the real target information item, in time and perform the authentication based on the device identification code on the real device information, which improves the accuracy and reliability of that authentication. If the target information item is found not to have been tampered with, the first identification code can be generated according to the target information item for identity verification, which ensures the reliability of the generated identification code and further improves the accuracy and reliability of identity verification. In addition, optionally, the device information can be collected through the underlying native Android APIs, so that the device information is not easy to tamper with.
It will be appreciated that when the target information item is checked using the target checking algorithm to determine whether the target information item is tampered with, if the target information item includes a plurality of information items, it may be that one information item (such as an information item determined randomly or corresponding to the highest priority) of the plurality of information items is checked; the verification may be performed separately for each of the plurality of information items, and if it is determined that all the information items are not tampered, the first identification code may be generated according to the target information item, and if it is determined that any one of the information items is tampered, it may be determined that the authentication of the terminal device fails, or the tampered information item is restored, and then the first identification code is generated based on the actual target information item, so as to perform the authentication.
Alternatively, in other embodiments, another information item in the device information may be checked (hereinafter referred to as the checked information item), that is, the checked information item need not be the target information item; it may be, for example, the information item with the highest priority among all the information items included in the device information, or a randomly determined information item, and so on. If the checked information item has been tampered with, it is determined that the identity verification of the terminal device fails; otherwise, if the checked information item has not been tampered with, a first identification code can be generated according to the target information item, and the identity of the terminal device is then verified. This improves the flexibility of device identity verification and further improves its reliability.
206. Judge whether the first identification code matches a pre-stored second identification code of the terminal device.
207. When the judgment result is that the first identification code matches the second identification code, determine that the authentication of the terminal device is successful.
Specifically, for the description of steps 206-207, refer to the description of steps 103-104 in the embodiment shown in fig. 1; details are not repeated here.
Optionally, if the device information of the terminal device is identified as tampered with, or the first identification code does not match the second identification code, that is, when the identity verification of the terminal device fails, the server may not respond to the client request, or may send out alarm information so that the relevant departments are informed of the tampering behavior in time. For example, the alarm information may include one or more of: risk level, user information, and device malicious behavior information. The risk level can be determined according to the current risk control scenario of the terminal, with the correspondence between different risk control scenarios and risk levels preset; or according to the application currently running on the terminal, with the correspondence between different applications and risk levels preset; or according to the number of hooked functions on the terminal, with the correspondence between different numbers of hooks and risk levels preset; or according to the hooked device information, with the correspondence between device information (information items) and risk levels preset; or according to the priority of the tampered device information of the terminal, with the priorities of different device information and the correspondence between each priority and the risk level preset. For example, the risk level may be classified as high risk, medium risk and low risk, or as level one, level two, level three, etc. The user information may include an identifier of the terminal device, a user identification (UID), a mobile phone number, an identification number (if collected when the client registers with the application), and the like.
The malicious behavior information of the device can comprise tampered MAC address, tampered CPU manufacturer, tampered mobile phone model and brand, tampered mobile phone number and the like, and can be specifically determined through the hook detection.
In addition, optionally, the server may also issue an instruction to the terminal device according to the alarm information, so as to control operations on the terminal device (such as those of an APP client running on the terminal). For example, if the server determines that the risk level is low, it may issue an instruction directing the client to output a prompt requiring the user to input verification information, where the verification manner includes, but is not limited to, an SMS verification code, a picture verification code, and the like. If the verification is not passed, subsequent operations cannot be performed. As another example, if the server determines that the risk level is medium, it may issue an instruction directing the client to prohibit the access operations requested by the user in the current risk-control scenario (e.g., logging in, claiming red packets, redeeming coupons, making purchases, transferring funds, etc.). As another example, if the server determines that the risk level is high, it may issue an instruction directing the client to prohibit all access operations by the user, and so on; the possibilities are not listed one by one here.
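The failure handling described above can be sketched as follows. This is an added example, not code from the patent: the item-to-level table, the hook-count thresholds, the choice to take the stricter of the two signals, and all field and action names are assumptions made for illustration.

```python
# Added illustration of the alarm and client-instruction step; every table,
# threshold and field name below is an assumption, not taken from the patent.
LEVELS = ["low", "medium", "high"]

# Assumed preset correspondence: tampered information item -> risk level.
ITEM_RISK = {
    "cpu_serial": "high",
    "mac": "medium",
    "phone_model": "low",
    "device_brand": "low",
}


def level_from_hook_count(count):
    """Assumed preset correspondence: number of hooked items -> risk level."""
    if count >= 3:
        return "high"
    if count == 2:
        return "medium"
    return "low"


def risk_level(tampered_items):
    """Combine two of the signals named in the description (priority of the
    tampered item, number of hooks) by taking the stricter result."""
    by_item = max(
        (LEVELS.index(ITEM_RISK.get(item, "low")) for item in tampered_items),
        default=0,
    )
    by_count = LEVELS.index(level_from_hook_count(len(tampered_items)))
    return LEVELS[max(by_item, by_count)]


def build_response(uid, device_id, tampered_items, scenario):
    """Return (alarm information, instruction for the client) for a failed
    verification. An empty tampered_items set models a plain ID mismatch."""
    level = risk_level(tampered_items)
    alert = {
        "risk_level": level,
        "user": {"uid": uid, "device_id": device_id},
        "malicious_behavior": ["tampered " + i for i in sorted(tampered_items)],
    }
    if level == "low":
        # Low risk: ask the user for extra verification before continuing.
        instruction = {"action": "challenge",
                       "methods": ["sms_code", "picture_code"]}
    elif level == "medium":
        # Medium risk: block only the operation in the current scenario.
        instruction = {"action": "block_scenario", "scenario": scenario}
    else:
        # High risk: block every access operation by this user.
        instruction = {"action": "block_all"}
    return alert, instruction


if __name__ == "__main__":
    # Constructed sample values.
    print(build_response("u-1001", "dev-constructed", {"mac"}, "claim_red_packet"))
```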
For example, taking a UDID as the identification code: some APPs offer promotional activities in which a newly registered user can receive a one-hundred-yuan red packet, provided that both the mobile phone number and the device are new. A malicious actor might modify an insecure UDID so that the APP server believes each registration comes from a new device, thereby bypassing the security restrictions of the APP server in order to profit illegally. With the UDID generation and verification approach described here, the identity of the terminal device can be reliably verified. Furthermore, the successfully verified UDID (such as the first UDID or all second UDIDs) can be compared with the stored UDIDs of terminal devices that have already received the offer; if the same UDID exists, that is, the UDID has already received the offer, the claim operation can be refused, preventing the red packet from being claimed this time. Alternatively, the claim can be blocked once the UDID is recognized as having been tampered with.
In this embodiment, the server may obtain multiple pieces of device information of the terminal device, select a target information item from the device information according to a preset identification code generation rule, then select a verification algorithm to verify the target information item, and, after determining that the target information item has not been tampered with, generate a first identification code of the terminal device according to the target information item. When the first identification code matches a pre-stored second identification code of the terminal device, the server determines that the identity verification of the terminal device is successful. This helps to determine the authenticity of the identity of the terminal device and improves the reliability of the identity verification of the terminal device.
The foregoing method embodiments are all examples of the authentication method based on the device identification code. Each embodiment is described with its own emphasis; for parts of an embodiment that are not described in detail, reference may be made to the related description of other embodiments.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a server according to an embodiment of the present application. The server of an embodiment of the present application may include means for performing the above-described device identity based authentication method. Specifically, the server 300 of the present embodiment may include: a communication unit 301, a processing unit 302, and a judgment unit 303. Wherein,
A communication unit 301, configured to receive an authentication request sent by a terminal device, where the authentication request includes device information of the terminal device, where the device information includes one or more information items of an identifier of the terminal device, a media access control MAC address, a CPU serial number of a central processing unit, a screen resolution, a motherboard model, a device brand, a CPU model, a device product name, a manufacturer name, an operating system compiling type, an operating system default setting item, and a sensor number;
A processing unit 302, configured to select a target information item from the device information according to a preset identifier generating rule, and generate a first identifier of the terminal device according to the target information item, where the identifier generating rule is used to instruct processing of the target information item according to a preset algorithm, so as to obtain an identifier of the terminal device;
A judging unit 303, configured to judge whether the first identification code is matched with a pre-stored second identification code of the terminal device;
the processing unit 302 is further configured to determine that the authentication of the terminal device is successful when the determination result is that the first identification code and the second identification code are matched.
Optionally, the server further includes: a setting unit 304;
the setting unit 304 is configured to set priorities for the information items respectively;
The processing unit 302 may be specifically configured to determine, according to a priority of each information item included in the device information, an information item with a highest priority among the information items included in the device information, and determine an identifier generation rule corresponding to the information item with the highest priority from a preset identifier generation rule set, where the identifier generation rule set includes multiple identifier generation rules, and different identifier generation rules are used to instruct processing of different information items according to a preset algorithm, so as to obtain an identifier of a terminal device; and selecting a target information item from the equipment information according to the determined identification code generation rule, and generating a first identification code of the terminal equipment according to the target information item.
Optionally, the device information includes an identifier of the terminal device;
The processing unit 302 may be specifically configured to determine, according to a preset correspondence between a terminal device identifier and an identifier generating rule, an identifier generating rule corresponding to the identifier of the terminal device from a preset identifier generating rule set, where the identifier generating rule set includes multiple identifier generating rules, and each identifier generating rule corresponds to one or more terminal device identifiers; and selecting a target information item from the equipment information according to the determined identification code generation rule, and generating a first identification code of the terminal equipment according to the target information item.
Optionally, the processing unit 302 may be specifically configured to detect a system time, and determine a period of time in which the system time is located; determining an identification code generation rule corresponding to a time period where the system time is located from a preset identification code generation rule set according to the corresponding relation between the preset time period and the identification code generation rule, wherein the identification code generation rule set comprises a plurality of identification code generation rules, and each identification code generation rule corresponds to one or a plurality of used time periods; and selecting a target information item from the equipment information according to the determined identification code generation rule, and generating a first identification code of the terminal equipment according to the target information item.
Further optionally, the processing unit 302 may be specifically configured to, when generating the first identification code of the terminal device according to the target information item:
processing the target information item according to a preset hash algorithm to obtain a target hash value corresponding to the target information item;
Processing the target hash value according to a preset processing rule to obtain a processed target hash value, and taking the processed target hash value as a first identification code of the terminal equipment;
The preset processing rule includes replacing the value at a preset position in the target hash value with a preset value, extracting the first M values of the target hash value, extracting the last N values of the target hash value, or appending one or more preset values to the end of the target hash value so that the length of the target hash value reaches a preset length, wherein M and N are integers greater than or equal to 1.
Optionally, the processing unit 302 is further configured to determine, according to a correspondence between a preset verification algorithm and an information item, a target verification algorithm corresponding to the target information item from a preset verification algorithm set; verifying the target information item using the target verification algorithm to determine whether the target information item has been tampered with; and triggering the generation of the first identification code of the terminal equipment according to the target information item when the target information item is determined not to be tampered.
Optionally, the determining unit 303 may be specifically configured to obtain a pre-stored identification list of the terminal device, where the identification list includes at least one second identification code, and each second identification code is generated according to a different information item; judging whether the first identification code is matched with a second identification code in an identification list of the terminal equipment; and when the first identification code is matched with any one of the second identification codes in the identification list, determining that the first identification code is matched with the second identification code of the terminal equipment.
Specifically, the server may implement some or all of the steps in the authentication method based on the device identifier in the embodiments shown in fig. 1 to 2 through the units described above. It should be understood that the embodiments of the present application are apparatus embodiments corresponding to the method embodiments, and the description of the method embodiments also applies to the embodiments of the present application.
In this embodiment, the server may obtain the device information of the terminal device, select the target information item from the device information according to a preset identification code generation rule, and generate the first identification code of the terminal device according to the target information item. When the first identification code matches the pre-stored second identification code of the terminal device, the server determines that the authentication of the terminal device is successful. This helps to determine the authenticity of the identity of the terminal device and improves the reliability of the authentication of the terminal device.
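The flow carried out by units 302 and 303 (priority-based rule selection, the tamper check, hashing plus a processing rule, and matching against the identification list) can be sketched as below. This is an added example and not code from the patent: the priority order, the rule set, the hash algorithms, the value normalization and the sample device values are all assumptions, and the result of the hook check is modelled as a set of item names.

```python
# Added illustration; priorities, rules, algorithms and sample values are
# assumptions, not taken from the patent.
import hashlib
import hmac

# Assumed preset priorities (lower number = higher priority).
PRIORITY = {"cpu_serial": 1, "mac": 2, "board_model": 3, "screen_resolution": 4}

# Assumed rule set: item -> (hash algorithm, processing rule). The four
# processing rules are the ones listed in the description.
RULES = {
    "cpu_serial": ("sha256", ("first_m", 32)),
    "mac": ("sha512", ("last_n", 32)),
    "board_model": ("sha1", ("pad_to", 48, "0")),
    "screen_resolution": ("sha256", ("replace_at", 0, "f")),
}


def apply_processing_rule(digest, rule):
    """Post-process the hex digest according to one preset processing rule."""
    kind = rule[0]
    if kind == "first_m":        # keep the first M values
        return digest[: rule[1]]
    if kind == "last_n":         # keep the last N values
        return digest[-rule[1]:]
    if kind == "pad_to":         # append a preset value up to a preset length
        return digest.ljust(rule[1], rule[2])
    if kind == "replace_at":     # replace the value at a preset position
        return digest[: rule[1]] + rule[2] + digest[rule[1] + 1:]
    raise ValueError("unknown processing rule: " + kind)


def generate_identifier(item, value):
    """Hash the target information item, then apply its processing rule."""
    algo, processing = RULES[item]
    normalized = value.strip().lower().encode("utf-8")  # assumed normalization
    return apply_processing_rule(hashlib.new(algo, normalized).hexdigest(),
                                 processing)


def select_target(device_info):
    """Pick the highest-priority information item present in the request."""
    present = [k for k in PRIORITY if device_info.get(k)]
    return min(present, key=PRIORITY.get) if present else None


def enroll(device_info):
    """Build the identification list: one second identification code per item."""
    return [generate_identifier(k, v) for k, v in device_info.items()
            if k in RULES and v]


def verify(device_info, hooked_items, stored_ids):
    """Return (status, target item). hooked_items stands in for the output of
    the per-item verification algorithm (assumption)."""
    target = select_target(device_info)
    if target is None:
        return ("no_usable_item", None)
    if target in hooked_items:
        return ("tampered", target)   # do not generate an ID from tampered data
    first_id = generate_identifier(target, device_info[target])
    matched = False
    for second_id in stored_ids:      # constant-time compare per candidate
        matched |= hmac.compare_digest(first_id, second_id)
    return ("ok" if matched else "mismatch", target)


# Constructed sample device information.
ENROLLED_DEVICE = {
    "cpu_serial": "0000A1B2C3D4E5F6",
    "mac": "02:00:5E:10:20:30",
    "board_model": "example-board-x1",
    "screen_resolution": "1080x2340",
}

if __name__ == "__main__":
    ids = enroll(ENROLLED_DEVICE)
    print(verify(ENROLLED_DEVICE, set(), ids))
```

Because the identification list holds one code per information item, a request that lacks the highest-priority item still verifies through the next item, while a changed value for that item produces a mismatch.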
Referring to fig. 4, fig. 4 is a schematic structural diagram of another server according to an embodiment of the present application. The server is used for executing the method. As shown in fig. 4, the server 400 in the present embodiment may include: one or more processors 401, memory 402, and a communication interface 403. Optionally, the server may also include one or more user interfaces 404. The processor 401, communication interface 403, user interface 404, and memory 402 described above may be connected by a bus 405, or may be connected by other means, as illustrated by way of example in fig. 4. Wherein the memory 402 may be used for storing a computer program comprising program instructions, the processor 401 being used for executing the program instructions stored in the memory 402. Wherein the processor 401 may be used to invoke the program instructions to perform some or all of the steps of fig. 1-2 described above.
For example, the processor 401 may be used to call the program instructions to perform the steps of: invoking a communication interface 403 to receive an authentication request sent by a terminal device, where the authentication request includes device information of the terminal device, where the device information includes one or more information items of an identifier of the terminal device, a media access control MAC address, a CPU serial number of a central processing unit, a screen resolution, a motherboard model, a device brand, a CPU model, a device product name, a manufacturer name, an operating system compiling type, an operating system default setting item, and a sensor number; selecting a target information item from the equipment information according to a preset identification code generation rule, and generating a first identification code of the terminal equipment according to the target information item, wherein the identification code generation rule is used for indicating that the target information item is processed according to a preset algorithm so as to obtain an identification code of the terminal equipment; judging whether the first identification code is matched with a prestored second identification code of the terminal equipment or not; and when the judgment result is that the first identification code is matched with the second identification code, determining that the authentication of the terminal equipment is successful.
Optionally, before receiving the authentication request sent by the terminal device, the processor 401 is further configured to execute the following steps: setting priority for each information item respectively;
When executing the selection of the target information item from the device information according to the preset identification code generation rule and generating the first identification code of the terminal device according to the target information item, the processor 401 may specifically execute the following steps: determining the information item with the highest priority in the information items included in the equipment information according to the priority of the information items included in the equipment information, and determining an identification code generation rule corresponding to the information item with the highest priority from a preset identification code generation rule set, wherein the identification code generation rule set comprises a plurality of identification code generation rules, and different identification code generation rules are used for indicating different information items to be processed according to a preset algorithm so as to obtain the identification code of the terminal equipment; and selecting a target information item from the equipment information according to the determined identification code generation rule, and generating a first identification code of the terminal equipment according to the target information item.
Optionally, the device information includes an identifier of the terminal device;
When executing the selection of the target information item from the device information according to the preset identification code generation rule and generating the first identification code of the terminal device according to the target information item, the processor 401 may specifically execute the following steps: determining an identification code generation rule corresponding to the identification of the terminal equipment from a preset identification code generation rule set according to the corresponding relation between the preset terminal equipment identification and the identification code generation rule, wherein the identification code generation rule set comprises a plurality of identification code generation rules, and each identification code generation rule corresponds to one or more terminal equipment identifications; and selecting a target information item from the equipment information according to the determined identification code generation rule, and generating a first identification code of the terminal equipment according to the target information item.
Optionally, when executing the selecting, by the processor 401, the target information item from the device information according to the preset identifier generating rule, and generating the first identifier of the terminal device according to the target information item, the following steps may be specifically executed: detecting system time and determining a time period in which the system time is located; determining an identification code generation rule corresponding to a time period where the system time is located from a preset identification code generation rule set according to the corresponding relation between the preset time period and the identification code generation rule, wherein the identification code generation rule set comprises a plurality of identification code generation rules, and each identification code generation rule corresponds to one or a plurality of used time periods; and selecting a target information item from the equipment information according to the determined identification code generation rule, and generating a first identification code of the terminal equipment according to the target information item.
Optionally, the processor 401 may specifically perform the following steps when executing the generating the first identification code of the terminal device according to the target information item: processing the target information item according to a preset hash algorithm to obtain a target hash value corresponding to the target information item; processing the target hash value according to a preset processing rule to obtain a processed target hash value, and taking the processed target hash value as a first identification code of the terminal equipment;
The preset processing rule includes replacing the value at a preset position in the target hash value with a preset value, extracting the first M values of the target hash value, extracting the last N values of the target hash value, or appending one or more preset values to the end of the target hash value so that the length of the target hash value reaches a preset length, wherein M and N are integers greater than or equal to 1.
Optionally, the processor 401 is further configured to, before executing the generating the first identification code of the terminal device according to the target information item, execute the following steps: determining a target verification algorithm corresponding to the target information item from a preset verification algorithm set according to the corresponding relation between the preset verification algorithm and the information item; verifying the target information item using the target verification algorithm to determine whether the target information item has been tampered with; and triggering the step of generating the first identification code of the terminal equipment according to the target information item when the target information item is determined not to be tampered.
Optionally, when executing the determining whether the first identification code matches the pre-stored second identification code of the terminal device, the processor 401 may specifically execute the following steps: acquiring a prestored identification list of the terminal equipment, wherein the identification list comprises at least one second identification code, and each second identification code is generated according to different information items; judging whether the first identification code is matched with a second identification code in an identification list of the terminal equipment; and when the first identification code is matched with any one of the second identification codes in the identification list, determining that the first identification code is matched with the second identification code of the terminal equipment.
The processor 401 may be a central processing unit (Central Processing Unit, CPU), but may also be another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The communication interface 403 may include a receiver and a transmitter for communicating with other devices, such as a test terminal.
The user interface 404 may include input devices, which may include a touch pad, a microphone, etc., and output devices, which may include a display (LCD, etc.), speakers, etc.
Memory 402 may include read only memory and random access memory and provides instructions and data to processor 401. A portion of memory 402 may also include non-volatile random access memory. For example, the memory 402 may also store the identification code generation rules described above, a second identification code, and so forth.
In a specific implementation, the processor 401 and the like described in the embodiments of the present application may perform the implementation described in the method embodiments shown in fig. 1 to 2, and may also perform the implementation of each unit described in fig. 3, which is not repeated herein.
The embodiment of the present application further provides a computer readable storage medium, where the computer readable storage medium stores a computer program, where the computer program when executed by a processor may implement some or all of the steps in the authentication method based on a device identifier described in the embodiment corresponding to fig. 1 to 2, and may also implement the functions of the server shown in fig. 3 or fig. 4 of the present application, which are not described herein.
Embodiments of the present application also provide a computer program product comprising instructions which, when run on a computer, cause the computer to perform some or all of the steps of the above method.
The computer readable storage medium may be an internal storage unit of the server according to any of the foregoing embodiments, for example, a hard disk or a memory of the server. The computer readable storage medium may also be an external storage device of the server, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a Secure Digital (SD) card, a flash card (Flash Card), or the like, provided on the server.
In the present application, the term "and/or" merely describes an association relation between associated objects and means that three kinds of relations may exist; for example, A and/or B may mean: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" herein generally indicates that the associated objects before and after it are in an "or" relationship.
In various embodiments of the present application, the sequence number of each process does not mean the sequence of execution, and the execution sequence of each process should be determined by its functions and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present application.
While the application has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various equivalent changes and substitutions may be made without departing from the scope of the application.

Claims (9)

1. An identity verification method based on a device identification code is characterized by being applied to a server and comprising the following steps:
receiving an identity verification request sent by terminal equipment, wherein the identity verification request comprises equipment information of the terminal equipment, and the equipment information comprises one or more information items of an identifier of the terminal equipment, a Media Access Control (MAC) address, a Central Processing Unit (CPU) serial number, screen resolution, a main board model, an equipment brand, a CPU model, an equipment product name, a manufacturer name, an operating system compiling type, an operating system default setting item and a sensor number;
selecting a target information item from the equipment information according to a preset identification code generation rule, and determining a target verification algorithm corresponding to the target information item from a preset verification algorithm set according to the corresponding relation between the preset verification algorithm and the information item;
verifying the target information item using the target verification algorithm to determine whether the target information item has been tampered with; wherein when the target verification algorithm includes a flag verification algorithm, the verification includes: acquiring a flag value of a target function corresponding to the target information item, determining whether the target function is hooked according to the flag value, and if the target function is hooked, determining that the target information item has been tampered with;
If the target information item is not tampered, generating a first identification code of the terminal equipment according to the target information item, wherein the identification code generation rule is used for indicating that the target information item is processed according to a preset algorithm so as to obtain the identification code of the terminal equipment;
judging whether the first identification code is matched with a prestored second identification code of the terminal equipment or not;
And when the judgment result is that the first identification code is matched with the second identification code, determining that the authentication of the terminal equipment is successful.
2. The method according to claim 1, characterized in that before the receiving of the authentication request sent by the terminal device, the method further comprises:
setting priority for each information item respectively;
the selecting a target information item from the device information according to a preset identification code generation rule, and generating a first identification code of the terminal device according to the target information item, including:
Determining the information item with the highest priority in the information items included in the equipment information according to the priority of the information items included in the equipment information, and determining an identification code generation rule corresponding to the information item with the highest priority from a preset identification code generation rule set, wherein the identification code generation rule set comprises a plurality of identification code generation rules, and different identification code generation rules are used for indicating different information items to be processed according to a preset algorithm so as to obtain the identification code of the terminal equipment;
and selecting a target information item from the equipment information according to the determined identification code generation rule, and generating a first identification code of the terminal equipment according to the target information item.
3. The method according to claim 1, characterized in that the device information comprises an identification of the terminal device; the selecting a target information item from the device information according to a preset identification code generation rule, and generating a first identification code of the terminal device according to the target information item, including:
Determining an identification code generation rule corresponding to the identification of the terminal equipment from a preset identification code generation rule set according to the corresponding relation between the preset terminal equipment identification and the identification code generation rule, wherein the identification code generation rule set comprises a plurality of identification code generation rules, and each identification code generation rule corresponds to one or more terminal equipment identifications;
and selecting a target information item from the equipment information according to the determined identification code generation rule, and generating a first identification code of the terminal equipment according to the target information item.
4. The method according to claim 1, wherein selecting a target information item from the device information according to a preset identification code generation rule, and generating a first identification code of the terminal device according to the target information item, comprises:
Detecting system time and determining a time period in which the system time is located;
Determining an identification code generation rule corresponding to a time period where the system time is located from a preset identification code generation rule set according to the corresponding relation between the preset time period and the identification code generation rule, wherein the identification code generation rule set comprises a plurality of identification code generation rules, and each identification code generation rule corresponds to one or a plurality of used time periods;
and selecting a target information item from the equipment information according to the determined identification code generation rule, and generating a first identification code of the terminal equipment according to the target information item.
5. The method according to any of claims 1-4, wherein said generating a first identification code of said terminal device from said target information item comprises:
processing the target information item according to a preset hash algorithm to obtain a target hash value corresponding to the target information item;
Processing the target hash value according to a preset processing rule to obtain a processed target hash value, and taking the processed target hash value as a first identification code of the terminal equipment;
The preset processing rule includes replacing the value at a preset position in the target hash value with a preset value, extracting the first M values of the target hash value, extracting the last N values of the target hash value, or appending one or more preset values to the end of the target hash value so that the length of the target hash value reaches a preset length, wherein M and N are integers greater than or equal to 1.
6. The method according to any one of claims 1-4, wherein said determining whether the first identification code and a pre-stored second identification code of the terminal device match comprises:
acquiring a prestored identification list of the terminal equipment, wherein the identification list comprises a plurality of second identification codes, and each second identification code is generated according to different information items;
judging whether the first identification code matches a second identification code in the identification list of the terminal equipment;
and when the first identification code matches any one of the second identification codes in the identification list, determining that the first identification code matches the second identification code of the terminal equipment.
7. A server comprising means for performing the method of any of claims 1-6.
8. A server comprising a processor, a communication interface and a memory, the processor, the communication interface and the memory being interconnected, wherein the memory is adapted to store a computer program comprising program instructions, the processor being configured to invoke the program instructions to perform the method of any of claims 1-6.
9. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program comprising program instructions which, when executed by a processor, cause the processor to perform the method of any of claims 1-6.
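The flow of claims 4 to 6 (time-period rule selection, hash plus post-processing, match against a stored identification list), as an added sketch that is not code from the patent. The rule table, the hour-based time periods, the field names, SHA-256 as the "preset hash algorithm", the length-prefixed encoding and the sample device information are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed rule set (claim 4): each rule names the device-information items it
# hashes, its processing rule, and the hours [start, end) in which it is used.
RULES = [
    {"hours": (0, 12), "items": ("imei", "mac"), "process": ("first", 16)},
    {"hours": (12, 24), "items": ("serial", "model"), "process": ("last", 16)},
]

# Claim 5 processing rules, applied to the hex digest (names are hypothetical).
PROCESS = {
    "first": lambda d, m: d[:m],                             # first M values
    "last": lambda d, n: d[-n:],                             # last N values
    "replace": lambda d, a: d[:a[0]] + a[1] + d[a[0] + 1:],  # (position, value)
    "pad": lambda d, a: d.ljust(a[0], a[1]),                 # (length, value)
}

def rule_for(system_time):
    """Pick the generation rule whose time period contains the system time."""
    for rule in RULES:
        start, end = rule["hours"]
        if start <= system_time.hour < end:
            return rule
    raise LookupError("no rule covers this time period")

def generate_id(device_info, rule):
    """Select the target items, hash them, then post-process the digest."""
    # Length-prefix each item so ("ab", "c") and ("a", "bc") hash differently.
    values = [device_info[k].encode() for k in rule["items"]]
    material = b"".join(len(v).to_bytes(2, "big") + v for v in values)
    digest = hashlib.sha256(material).hexdigest()
    kind, arg = rule["process"]
    return PROCESS[kind](digest, arg)

def matches(first_id, id_list):
    """Claim 6: accept if the first code equals any stored second code."""
    # The list is built in full so every entry is compared in constant time.
    return any([hmac.compare_digest(first_id, s) for s in id_list])

# Constructed sample device information (not from the patent).
DEVICE = {"imei": "356938035643809", "mac": "02:00:5e:10:00:01",
          "serial": "SN-CONSTRUCTED-01", "model": "demo-phone"}
# Enrollment: one second identification code per rule, from different items.
ID_LIST = [generate_id(DEVICE, r) for r in RULES]
```

Keeping 16 hex characters retains 64 bits of the digest, so smaller values of M or N raise the chance that two devices share an identification code.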
CN201811429643.2A 2018-11-26 2018-11-26 Identity verification method based on equipment identification code, server and medium Active CN109492378B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811429643.2A CN109492378B (en) 2018-11-26 2018-11-26 Identity verification method based on equipment identification code, server and medium

Publications (2)

Publication Number Publication Date
CN109492378A CN109492378A (en) 2019-03-19
CN109492378B true CN109492378B (en) 2024-06-18

Family

ID=65697862

Country Status (1)

Country Link
CN (1) CN109492378B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant