A method for binding and verifying a mobile device and external equipment
Technical field
The present invention relates to the field of binding and verification, and more particularly to a method for binding and verifying a mobile device and external equipment.
Background technology
With the development of mobile payment, more and more people make mobile payments using external equipment. Such external equipment includes audio mobile payment devices, USB devices and other equipment that can be connected to a mobile device. After a user has carried out business operations on a mobile device using external equipment, if the external equipment is lost or taken by someone else and the user does not report the loss in time, another person can use simple technical means to impersonate the original user with the external equipment and transact business on the original user's account, which can cause unnecessary loss to the user's funds and the like.
That is, how to ensure the security of the external equipment, i.e., how to ensure that the external equipment is used legitimately, is a problem to be solved.
Invention content
The embodiments of the present invention provide a method for binding and verifying a mobile device and external equipment, solving the technical problem that legitimate use of the external equipment cannot be ensured.
The embodiments of the present invention disclose the following technical solutions:
A method for binding a mobile device and external equipment, comprising the steps of:
When the external equipment accesses the mobile device for the first time, the external equipment sends the external equipment ID, the International Mobile Equipment Identity (IMEI) of the mobile device, a random number and a first secret value to the background system;
The first secret value is obtained by the external equipment encrypting the external equipment ID, the mobile device IMEI and the random number with the master key uniquely corresponding to the external equipment ID;
The background system looks up, by the external equipment ID, the master key uniquely corresponding to the external equipment ID that was stored in the background in advance, and encrypts the received external equipment ID, mobile device IMEI and random number with that master key to obtain a second secret value;
The background system compares the first secret value with the second secret value and, if they are consistent, determines that the first secret value was sent by legitimate external equipment;
The background system binds and stores the correspondence between the external equipment ID and the mobile device IMEI.
Preferably, after the background system binds and stores the correspondence between the external equipment ID and the mobile device IMEI, the method further includes:
The external equipment receives a special parameter and a third secret value sent by the background system;
The special parameter is a random number generated by the background system, or a parameter related to the binding of the correspondence between the external equipment ID and the mobile device IMEI;
The third secret value is obtained by the background system encrypting the external equipment ID, the mobile device IMEI and the special parameter with the master key uniquely corresponding to the external equipment ID;
The external equipment encrypts the external equipment ID and the mobile device IMEI that it holds, together with the received special parameter, with the master key uniquely corresponding to the external equipment ID, obtaining a fourth secret value;
The external equipment compares the third secret value with the fourth secret value and, if they are consistent, determines that the third secret value was sent by the legitimate background system;
The external equipment binds and stores the external equipment ID with the mobile device IMEI.
Preferably, the special parameter is specifically the background binding time.
A method for verifying a mobile device and external equipment, comprising the steps of:
The external equipment that has accessed the mobile device requests to carry out a business operation;
The background system receives the external equipment ID and the mobile device IMEI sent by the external equipment;
The background system compares the received external equipment ID and mobile device IMEI with the bound and stored external equipment ID and mobile device IMEI;
Only when the comparison result is consistent does the background system allow the external equipment to carry out the business operation using the mobile device.
Preferably, the method further includes:
The external equipment accesses the mobile device;
The external equipment obtains the IMEI of the accessed mobile device;
The external equipment compares the IMEI of the accessed mobile device with the bound and stored mobile device IMEI;
Only when the comparison result is consistent does the external equipment allow the mobile device to carry out the business operation.
A method for binding a mobile device and external equipment, comprising the steps of:
When the external equipment accesses the mobile device for the first time, the external equipment sends the external equipment ID, the mobile device IMEI, a random number and a first secret value to the background system;
The first secret value is obtained by the external equipment encrypting the external equipment ID, the mobile device IMEI and the random number with the master key uniquely corresponding to the external equipment ID;
The background system looks up, by the external equipment ID, the master key uniquely corresponding to the external equipment ID that was stored in the background in advance, and encrypts the received external equipment ID, mobile device IMEI and random number with that master key to obtain a second secret value;
The background system compares the first secret value with the second secret value and, if they are consistent, determines that the first secret value was sent by legitimate external equipment;
The external equipment receives a special parameter and a third secret value sent by the background system;
The special parameter is a random number generated by the background system, or a parameter related to the binding of the correspondence between the external equipment ID and the mobile device IMEI;
The third secret value is obtained by the background system encrypting the external equipment ID, the mobile device IMEI and the special parameter with the master key uniquely corresponding to the external equipment ID;
The external equipment encrypts the external equipment ID and the mobile device IMEI that it holds, together with the received special parameter, with the master key uniquely corresponding to the external equipment ID, obtaining a fourth secret value;
The external equipment compares the third secret value with the fourth secret value and, if they are consistent, determines that the third secret value was sent by the legitimate background system;
The external equipment binds and stores the external equipment ID with the mobile device IMEI.
Preferably, after the background system determines that the first secret value was sent by legitimate external equipment, and before the special parameter and the third secret value are sent to the external equipment, the method further includes:
The background system binds and stores the correspondence between the external equipment ID and the mobile device IMEI.
Preferably, the special parameter is specifically the background binding time.
A method for verifying a mobile device and external equipment, comprising:
The external equipment accesses the mobile device;
The external equipment obtains the IMEI of the accessed mobile device;
The external equipment compares the IMEI of the accessed mobile device with the stored IMEI of the bound mobile device;
Only when the comparison result is consistent does the external equipment allow the mobile device to carry out the business operation.
Preferably, the method further includes:
The external equipment that has accessed the mobile device requests to carry out a business operation;
The background system receives the external equipment ID and the mobile device IMEI sent by the external equipment;
The background system compares the received external equipment ID and mobile device IMEI with the bound and stored external equipment ID and mobile device IMEI;
Only when the comparison result is consistent does the background system allow the external equipment to carry out the business operation using the mobile device.
As can be seen from the above embodiments, the present invention, through the method of binding and verifying the user's mobile device and the external equipment, binds the mobile device when the external equipment accesses a mobile device for the first time; every subsequent business operation using the external equipment requires verification of the accessed mobile device, so that the external equipment can carry out business operations only when it accesses the bound mobile device, which greatly improves the security of the external equipment.
Description of the drawings
In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a signaling diagram of a binding method of the method for binding a mobile device and external equipment of the present invention;
Fig. 2 is a flow chart of a verification method of the method for verifying a mobile device and external equipment of the present invention;
Fig. 3 is a signaling diagram of another binding method of the method for binding a mobile device and external equipment of the present invention;
Fig. 4 is a flow chart of another verification method of the method for verifying a mobile device and external equipment of the present invention.
Specific implementation mode
In order to make the above objects, features and advantages of the present invention clearer and easier to understand, the embodiments of the present invention are described in detail below with reference to the drawings.
Embodiment one
For the mode in which related business operations are carried out using external equipment that has accessed a mobile device, the present invention provides two different binding methods: the binding of the mobile device and the external equipment, and the binding of the mobile device and the background system. This embodiment mainly describes the binding of the mobile device and the background system.
Referring to Fig. 1, which is a signaling diagram of a binding method of the method for binding a mobile device and external equipment of the present invention, the method includes the following steps:
S101: When the external equipment accesses the mobile device for the first time, the external equipment obtains the IMEI (International Mobile Equipment Identity) of the mobile device and the ID of the external equipment, and generates a random number;
The external equipment uses the pre-stored master key uniquely corresponding to the external equipment ID to encrypt the external equipment ID, the mobile device IMEI and the random number, obtaining the first secret value.
It should be noted that after the user connects the mobile device to the external equipment for the first time, a bind request can be sent to the external equipment through the software interface on the mobile device; after receiving the bind request, the external equipment can complete the above encryption step.
Preferably, a process key SESLK is generated here from the master key, and the SESLK is then used to encrypt the external equipment ID and the mobile device IMEI, generating MAC1, i.e. the first secret value.
The SESLK is a single-length key generated from variable data, and is used only once after generation. The SESLK is composed as follows:
SESLK: random number || external equipment ID || '8000'.
It should be noted that the random number here refers specifically to the random number generated by the external equipment in S101.
The MAC is obtained by building data blocks as follows and encrypting them with the SESLK:
First step: an 8-byte initial value (Initial Vector) is set to hexadecimal '0x00 00 00 00 00 00 00 00'.
Second step: all input data are concatenated into one data block in the designated order.
Third step: the concatenated data block is divided into 8-byte data blocks, identified as D1, D2, D3, D4 and so on. At the end of the division, the remaining bytes form a last data block whose length is less than or equal to 8 bytes.
Fourth step: if the last data block is 8 bytes long, an 8-byte data block is appended after it; the appended data block is hexadecimal '0x80 00 00 00 00 00 00 00'. If the last data block is shorter than 8 bytes, one byte with the hexadecimal value '0x80' is appended to the end of the data block. If the data block is then 8 bytes long, skip to the fifth step. If it is still shorter than 8 bytes, bytes of hexadecimal '0x00' are appended to the data block until it is 8 bytes long.
Fifth step: the resulting data are encrypted using the SESLK.
Sixth step: a MAC 4 bytes long is obtained.
Of course, the above is only one preferred encryption mode; the present invention does not limit the encryption mode, which may be any mode that encrypts using the master key.
S102: The external equipment sends the external equipment ID, the mobile device IMEI, the random number and the first secret value to the background system through the accessed mobile device.
S103: The background system uses the received external equipment ID to find the uniquely corresponding master key in its database, and uses that master key, with the same encryption mode as in S101, to encrypt the received external equipment ID, mobile device IMEI and random number, obtaining the second secret value.
S104: The background system compares the received first secret value with the second secret value. If the comparison result is consistent, this means that the master key used by the external equipment for encryption is the same as the master key used by the background system for encryption, and the background system determines that the first secret value was sent by legitimate external equipment.
It should be noted that if the comparison result is inconsistent, this means that the master key used by the external equipment for encryption differs from the master key used by the background system for encryption; the background system then determines that the first secret value was sent by illegitimate external equipment and immediately sends a request-refused message to the external equipment that has accessed the mobile device.
S105: The background system binds and stores the correspondence between the external equipment ID and the mobile device IMEI.
Correspondingly, there is a verification method; see embodiment two.
Embodiment two
Referring to Fig. 2, which is a flow chart of a verification method of the method for verifying a mobile device and external equipment, the method includes the steps of:
S201: The external equipment that has accessed the mobile device requests to carry out a business operation.
After binding, each time a business operation is requested using external equipment that has accessed a mobile device, the external equipment sends the external equipment ID and the mobile device IMEI to the background system through the accessed mobile device.
S202: The background system receives the external equipment ID and the mobile device IMEI sent by the external equipment.
S203: The background system compares the received external equipment ID and mobile device IMEI with the bound and stored external equipment ID and mobile device IMEI.
S204: Only when the comparison result is consistent does the background system allow the external equipment to carry out the business operation using the mobile device.
As can be seen from embodiment two, with this verification mode only the mobile device correspondingly bound to the external equipment can carry out business operations through the external equipment.
Embodiment three
This embodiment mainly describes the binding of the mobile device and the external equipment.
Referring to Fig. 3, which is a signaling diagram of another binding method of the method for binding a mobile device and external equipment, the method includes the steps of:
For the details of S301 to S304, refer to S101 to S104 in embodiment one.
The difference is that after the comparison in step S304 is consistent, the background system does not perform a binding operation but goes directly to S305.
S305: The background system sends a special parameter and a third secret value to the external equipment that has accessed the mobile device.
The special parameter is a random number generated by the background system, or a parameter related to the binding of the correspondence between the external equipment ID and the mobile device IMEI.
The third secret value is obtained by the background system encrypting the external equipment ID, the mobile device IMEI and the special parameter with the master key uniquely corresponding to the external equipment ID.
Preferably, a process key SESLK is generated here from the master key uniquely corresponding to the external equipment ID, and the SESLK is then used to encrypt the external equipment ID, the mobile device IMEI and the special parameter, generating MAC2, i.e. the third secret value.
The SESLK is a single-length key generated from variable data, and is used only once after generation. The SESLK is composed as follows:
SESLK: random number || external equipment ID || '8000'.
It should be noted that the random number here refers specifically to the random number sent by the external equipment to the background system in S302.
Of course, the above is only one preferred encryption mode; the present invention does not limit the encryption mode, which may be any mode that encrypts using the master key.
S306: The external equipment encrypts the external equipment ID and the mobile device IMEI that it holds, together with the received special parameter, with the master key uniquely corresponding to the external equipment ID, obtaining a fourth secret value.
It should be noted that the same encryption mode as in S305 is used here.
S307: The external equipment compares the third secret value with the fourth secret value. If the comparison result is consistent, this means that the master key used by the external equipment for encryption is the same as the master key used by the background system for encryption, and the external equipment determines that the third secret value was sent by the legitimate background system.
It should be noted that if the comparison result is inconsistent, this means that the master key used by the external equipment for encryption differs from the master key used by the background system for encryption; the external equipment then determines that the third secret value was sent by an illegitimate background system, and the external equipment does not perform the binding operation.
S308: The external equipment binds and stores the external equipment ID with the mobile device IMEI.
It should be noted that the external equipment can perform a binding operation once and only once. Once a mobile device has been bound on the external equipment, the user cannot perform any other binding operation with that external equipment, and cannot modify or release the binding.
Correspondingly, there is a verification method; see S401 to S404 in embodiment four.
Embodiment four
Referring to Fig. 4, which is a flow chart of another verification method of the method for verifying a mobile device and external equipment, the method includes the steps of:
S401: The external equipment accesses the mobile device.
After binding, each time a business operation is requested using external equipment that has accessed a mobile device, the external equipment performs a verification operation on the mobile device.
S402: The external equipment obtains the IMEI of the accessed mobile device.
S403: The external equipment compares the IMEI of the accessed mobile device with the bound and stored mobile device IMEI.
S404: Only when the comparison result is consistent does the external equipment allow the mobile device to carry out the business operation.
For S405 to S408, refer to S201 to S204 in embodiment two.
As can be seen from embodiment four, with this verification mode only the mobile device correspondingly bound to the external equipment can carry out business operations through the external equipment.
Embodiment five
For the binding of the mobile device and the background system described in embodiment one, this embodiment describes in detail the binding of the mobile device and the external equipment that builds on the binding of the mobile device and the background system.
Referring to Fig. 1, on the basis of embodiment one, the method further includes the steps of:
S106: The background system sends a special parameter and a third secret value to the external equipment that has accessed the mobile device.
The special parameter is a random number generated by the background system, or a parameter related to the binding of the correspondence between the external equipment ID and the mobile device IMEI.
Preferably, the special parameter is specifically the background binding time.
The third secret value is obtained by the background system encrypting the external equipment ID, the mobile device IMEI and the special parameter with the master key uniquely corresponding to the external equipment ID.
Preferably, a process key SESLK is generated here from the master key uniquely corresponding to the external equipment ID, and the SESLK is then used to encrypt the external equipment ID, the mobile device IMEI and the special parameter, generating MAC2, i.e. the third secret value.
The SESLK is a single-length key generated from variable data, and is used only once after generation. The SESLK is composed as follows:
SESLK: random number || external equipment ID || '8000'.
It should be noted that the random number here refers specifically to the random number sent by the external equipment to the background system in embodiment one.
Of course, the above is only one preferred encryption mode; the present invention does not limit the encryption mode, which may be any mode that encrypts using the master key.
S107: The external equipment encrypts the external equipment ID and the mobile device IMEI that it holds, together with the received special parameter, with the master key uniquely corresponding to the external equipment ID, obtaining a fourth secret value.
It should be noted that the same encryption mode as in S106 is used here.
S108: The external equipment compares the third secret value with the fourth secret value. If the comparison result is consistent, this means that the master key used by the external equipment for encryption is the same as the master key used by the background system for encryption, and the external equipment determines that the third secret value was sent by the legitimate background system.
It should be noted that if the comparison result is inconsistent, this means that the master key used by the external equipment for encryption differs from the master key used by the background system for encryption; the external equipment then determines that the third secret value was sent by an illegitimate background system, and the external equipment does not perform the binding operation.
S109: The external equipment binds and stores the external equipment ID with the mobile device IMEI.
It should be noted that the external equipment can perform a binding operation once and only once. Once a mobile device has been bound on the external equipment, the user cannot perform any other binding operation with that external equipment, and cannot modify or release the binding.
For this binding mode, the corresponding verification mode is described in embodiment four.
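The binding exchange of S101 to S109, with the MAC padding steps described under S101 and the two checks of embodiments two and four, as an added example that is not code from the patent. HMAC-SHA-256 truncated to 8 bytes stands in for the block cipher, which the page does not name; the class and function names, the key, and the ID and IMEI values are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

BLOCK = 8  # the MAC steps on the page work on 8-byte blocks

def prf8(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA-256 cut to 8 bytes stands in for the block cipher,
    # which the page leaves open ("any mode that encrypts using the master key").
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]

def pad(data: bytes) -> bytes:
    # Fourth step: append 0x80, then 0x00 up to the next 8-byte boundary, so a
    # full final block gains a whole extra block 80 00 00 00 00 00 00 00.
    data += b"\x80"
    return data + b"\x00" * (-len(data) % BLOCK)

def session_key(master: bytes, rnd: bytes, dev_id: bytes) -> bytes:
    # SESLK input as on the page: random number || external equipment ID || '8000'
    return prf8(master, rnd + dev_id + bytes.fromhex("8000"))

def mac4(key: bytes, *fields: bytes) -> bytes:
    # Fields are fixed-length here (assumption) so concatenation is unambiguous.
    state = bytes(BLOCK)                         # first step: all-zero initial value
    padded = pad(b"".join(fields))               # second to fourth steps
    for i in range(0, len(padded), BLOCK):       # fifth step, chained per block
        mixed = bytes(a ^ b for a, b in zip(state, padded[i:i + BLOCK]))
        state = prf8(key, mixed)
    return state[:4]                             # sixth step: 4-byte MAC

class BackgroundSystem:
    def __init__(self, master_keys: dict):
        self.master_keys = master_keys           # external equipment ID -> master key
        self.bindings = {}                       # external equipment ID -> IMEI

    def bind(self, dev_id, imei, rnd, mac1):
        master = self.master_keys.get(dev_id)    # S103: look up the master key
        if master is None:
            return None
        seslk = session_key(master, rnd, dev_id)
        if not hmac.compare_digest(mac1, mac4(seslk, dev_id, imei)):
            return None                          # S104: refuse the request
        self.bindings[dev_id] = imei             # S105: bind and store
        param = int(time.time()).to_bytes(8, "big")     # background binding time
        return param, mac4(seslk, dev_id, imei, param)  # S106: MAC2

    def verify(self, dev_id, imei) -> bool:      # S201 to S204
        return self.bindings.get(dev_id) == imei

class ExternalEquipment:
    def __init__(self, dev_id: bytes, master: bytes):
        self.dev_id, self.master = dev_id, master
        self.pending = None                      # (IMEI, random number) in flight
        self.bound_imei = None

    def bind_request(self, imei: bytes):         # S101 and S102
        rnd = os.urandom(8)
        self.pending = (imei, rnd)
        seslk = session_key(self.master, rnd, self.dev_id)
        return self.dev_id, imei, rnd, mac4(seslk, self.dev_id, imei)

    def bind_response(self, param: bytes, mac3: bytes) -> bool:
        if self.bound_imei is not None or self.pending is None:
            return False                         # binding happens once only
        imei, rnd = self.pending
        seslk = session_key(self.master, rnd, self.dev_id)
        if not hmac.compare_digest(mac3, mac4(seslk, self.dev_id, imei, param)):
            return False                         # S108: not the legitimate background
        self.bound_imei, self.pending = imei, None   # S109: bind and store
        return True

    def verify(self, imei: bytes) -> bool:       # S401 to S404
        return self.bound_imei == imei

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    key, dev_id, imei = bytes(range(16)), b"EXT00001", b"490154203237518"
    backend = BackgroundSystem({dev_id: key})
    device = ExternalEquipment(dev_id, key)
    reply = backend.bind(*device.bind_request(imei))
    print("bound on device:", device.bind_response(*reply))
    print("bound handset accepted:", backend.verify(dev_id, imei))
    print("other handset accepted:", device.verify(b"356938035643809"))
```

`hmac.compare_digest` makes the secret-value comparison constant-time; the page itself only requires that the two values be compared.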
Embodiment six
For the binding of the mobile device and the external equipment described in embodiment three, this embodiment describes in detail the binding of the mobile device and the background system before the binding of the mobile device and the background system.
Referring to Fig. 3, on the basis of embodiment three, the method further includes the step of:
After the comparison in S304 is consistent, and before the background system in S305 sends the special parameter and the third secret value to the external equipment that has accessed the mobile device, the background system binds and stores the correspondence between the external equipment ID and the mobile device IMEI.
Accordingly, the special parameter in embodiment three is preferably the background binding time.
For this binding mode, the corresponding verification mode is described in embodiment four.
Embodiment seven
Of course, besides the above encryption-based verification method, the following method can also be used:
Each piece of external equipment has a pair consisting of an external equipment public key and an external equipment private key, which uniquely correspond to each other; the external equipment's own private key is written into the external equipment, and the corresponding external equipment public key is stored in the background system.
The background system likewise has a pair consisting of a background system public key and a background system private key, which uniquely correspond to each other; the background system keeps its own private key, and every piece of external equipment stores the background system public key at manufacture.
When the external equipment sends binding information to the background system, the encryption process is as follows:
The external equipment encrypts the data with its own external equipment private key, and then signs the encrypted data with its own external equipment private key.
The signature and the encrypted data are sent to the background system.
The background system uses the external equipment public key of the corresponding external equipment to verify whether the signature is valid; if it is valid, it goes on to decrypt the data with that external equipment public key.
After decryption succeeds, the binding relationship between the external equipment ID and the mobile device IMEI is stored in the background system.
After the binding at the background system is complete, the following procedure is used when issuing data to the external equipment:
The background system encrypts the data with the background system private key, and then signs the encrypted data with the background system private key.
The signature and the encrypted data are sent to the external equipment.
The external equipment uses the stored background system public key to verify whether the signature is valid; if it is valid, it goes on to decrypt the data with the stored background system public key.
After decryption is complete, the external equipment writes the binding relationship with the mobile device IMEI into the device.
As can be seen from the above embodiments, the present invention, through the method of binding and verifying the user's mobile device and the external equipment, binds the mobile device when the external equipment accesses a mobile device for the first time; every subsequent business operation using the external equipment requires verification of the accessed mobile device, so that the external equipment can carry out business operations only when it accesses the bound mobile device, which greatly improves the security of the external equipment.
It should be noted that those of ordinary skill in the art will appreciate that all or part of the flow of the above embodiment methods can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the flow of the embodiments of each of the above methods. The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM) or the like.
The method for binding and verifying a mobile device and external equipment provided by the present invention has been described in detail above. Specific embodiments are used herein to explain the principle and implementation of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. Meanwhile, for those of ordinary skill in the art, the specific implementation and scope of application will vary according to the idea of the present invention. In conclusion, the content of this specification should not be construed as limiting the present invention.