CN114048438A - Equipment authentication method and device, equipment, medium and product thereof - Google Patents

Publication number
CN114048438A
Authority
CN
China
Prior art keywords
playing
key
authentication
equipment
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111327298.3A
Other languages
Chinese (zh)
Inventor
吴少义
范苑
黄裕佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Geshen Information Technology Co ltd
Original Assignee
Guangzhou Geshen Information Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a device authentication method and a corresponding apparatus, device, medium and product. The method comprises the following steps: receiving a start timestamp transmitted by a terminal device electrically connected to the current playing device; generating a first private key and a corresponding first public key, and generating a symmetric key from the first private key and a pre-stored second public key; encrypting credential information with the symmetric key to obtain a corresponding ciphertext; constructing authentication information from the ciphertext and the first public key, which the terminal device submits, together with the start timestamp, to a server holding the second private key for authentication; and confirming that the terminal device returns the check random code indicating successful authentication, and storing service life information that limits the period during which the current playing device may access the multimedia files stored on it. The method enables secure and reliable device authentication among the playing device, the terminal device and the server.

Description

Equipment authentication method and device, equipment, medium and product thereof
Technical Field
The present application relates to the field of data security, and in particular, to a device authentication method, and a corresponding apparatus, computer device, computer-readable storage medium, and computer program product.
Background
In the information age, the importance of data security is self-evident. Copyright protection of multimedia files such as music and video also places corresponding requirements on data security technology. In this field, the prior art includes an approach in which a copyright holder distributes the multimedia files it owns to end users through several intermediaries; a user authenticates to the copyright holder from any terminal device by means of an encryption device, and the copyright holder opens access to the corresponding multimedia files once it has authenticated the encryption device.
The encryption device uses an encryption chip to authenticate the user's right to use the acquired multimedia files, so that the user's use of the files can be identified and controlled effectively. A legally authorized encryption device can download, transmit and play the multimedia files.
In practice, most multimedia files obtained by users are of unclear origin and may come from unlicensed sources. Such files cannot be updated in time through a licensed copyright source, so their sound quality, image quality and the like cannot be improved, which affects the user experience. Transferring multimedia files between authorized devices also troubles users, because the process is cumbersome and generally requires a computer to import and export the files between the devices.
To make it convenient to authenticate with the playing device that plays the multimedia files, to guide users to obtain licensed resources legally through a legitimate copyright source, to make it easier for authorized playing-device manufacturers to obtain licensed resources, and to help promote such resources, the applicant has carried out the corresponding exploration.
Disclosure of Invention
The application aims to meet user requirements and provides a device authentication method and a corresponding device, computer equipment, a non-volatile storage medium and a computer program product.
In order to meet various purposes of the application, the following technical scheme is adopted in the application:
The playing device authentication method provided for the purposes of the application comprises the following steps:
receiving a start timestamp transmitted by a terminal device electrically connected to the current playing device;
generating a first private key and a corresponding first public key, and generating a symmetric key from the first private key and a pre-stored second public key, wherein the second private key corresponding to the second public key is held by the server;
encrypting credential information with the symmetric key to obtain a corresponding ciphertext, wherein the credential information comprises the device feature code of the current playing device, a check random code and the start timestamp;
constructing authentication information from the ciphertext and the first public key, which the terminal device submits, together with the start timestamp, to the server holding the second private key for authentication;
and confirming that the terminal device returns the check random code indicating successful authentication, and storing service life information that limits the period during which the current playing device may access the multimedia files stored on it.
In a further embodiment, the step of generating a first private key and a corresponding first public key and generating a symmetric key from the first private key and a pre-stored second public key, the second private key corresponding to the second public key being held by the server, comprises the following steps:
generating a temporary random number as the first private key, and calculating the first public key corresponding to the first private key using an asymmetric encryption algorithm agreed in advance with the server;
calculating a shared key from the second public key and the first private key using a key agreement algorithm agreed in advance with the server;
and taking a segment of preset length from the shared key as the symmetric key.
In a further embodiment, the step of encrypting credential information with the symmetric key to obtain a corresponding ciphertext, the credential information comprising the device feature code of the current playing device, a check random code and the start timestamp, comprises the following steps:
generating a check random code;
concatenating the fields in a pre-agreed order and with pre-agreed lengths to construct the credential information, so that it comprises the device feature code of the current playing device, the check random code and the start timestamp;
and encrypting the credential information with the symmetric key to obtain the corresponding ciphertext.
In a preferred embodiment, the step of confirming that the terminal device returns the check random code indicating successful authentication and storing the service life information, which limits the period during which the current playing device may access the multimedia files stored on it, comprises the following steps:
receiving a notification message returned by the terminal device, and extracting the check random code from the notification message;
comparing that check random code with the check random code cached by the current playing device, and confirming that the authentication succeeded when the two are consistent;
and, after the authentication succeeds, receiving the service life information issued by the terminal device and storing it in a storage medium of the current playing device, wherein the service life information comprises current date information, valid service life information of the current playing device, and privilege service life information of the current online user associated with the terminal device.
In a preferred embodiment, after the step of confirming that the terminal device returns the check random code indicating successful authentication and storing the service life information, the method comprises the following steps:
receiving and storing a multimedia file transmitted by the terminal device, wherein the multimedia file is an unencrypted file;
storing the multimedia file in a hidden partition of a storage medium of the current playing device;
and, in response to a playing instruction for the multimedia file, verifying the validity of the service life information and playing the corresponding multimedia file when the verification passes.
In a preferred embodiment, after the step of confirming that the terminal device returns the check random code indicating successful authentication and storing the service life information, the method comprises the following steps:
receiving and storing a multimedia file transmitted by the terminal device, wherein the multimedia file is an encrypted file;
storing the multimedia file in a storage medium of the current playing device;
and, in response to a playing instruction for the multimedia file, verifying the validity of the service life information, and decrypting and playing the corresponding multimedia file when the verification passes.
The server device authentication method provided for the purposes of the application comprises the following steps:
acquiring authentication information and a start timestamp submitted by a terminal device, wherein the authentication information comprises a first public key generated by a playing device electrically connected to the terminal device and a ciphertext obtained by encrypting credential information with a symmetric key, the credential information comprises the device feature code of the playing device, a check random code and the start timestamp, and the symmetric key is generated from the first private key corresponding to the first public key and a second public key distributed in advance by the server;
decrypting the ciphertext using the first public key and the second private key, held by the server, that corresponds to the second public key, to obtain the credential information;
verifying that the start timestamp submitted by the terminal device is consistent with the start timestamp in the decrypted credential information;
verifying the legitimacy of the device feature code against a preset authorized device library, and confirming that the corresponding playing device is a legitimate device;
and, after the verification passes, sending a notification message indicating successful authentication to the terminal device so that the terminal device forwards the notification message to the playing device, wherein the notification message comprises the check random code.
In a further embodiment, the step of decrypting the ciphertext using the first public key and the second private key, held by the server, that corresponds to the second public key, to obtain the credential information, comprises the following steps:
calculating a shared key from the second private key held by the server, which corresponds to the second public key, and the first public key of the terminal device, using a key agreement algorithm agreed in advance with the playing device;
taking a segment of preset length from the shared key as the symmetric key;
and decrypting the ciphertext with the symmetric key to obtain the corresponding credential information.
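The playing-device steps and the server steps above, combined into one runnable exchange as an added example (not code from the application). It assumes X25519 for the key agreement, AES-128-GCM for the symmetric encryption, a 16-byte segment of the shared key, and 8-byte feature and check codes; every function name and sample value is hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Assumed algorithms (X25519, AES-128-GCM) and sizes; the page leaves them to prior agreement.
const (
	featLen, codeLen, tsLen = 8, 8, 4    // device feature code, check random code, start timestamp
	keyLen, pubLen, ivLen   = 16, 32, 12 // segment of shared key, X25519 public key, GCM nonce
)

func NewServerKey() (*ecdh.PrivateKey, error) { return ecdh.X25519().GenerateKey(rand.Reader) }

// sealer derives the symmetric key by taking the first keyLen bytes of the shared key.
func sealer(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(shared[:keyLen])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// DeviceBuildAuth (playing device) returns first public key || nonce || ciphertext and the code to cache.
func DeviceBuildAuth(secondPub *ecdh.PublicKey, feature, startTS []byte) ([]byte, []byte, error) {
	if len(feature) != featLen || len(startTS) != tsLen {
		return nil, nil, errors.New("unexpected field length")
	}
	first, err := ecdh.X25519().GenerateKey(rand.Reader) // temporary first key pair
	if err != nil {
		return nil, nil, err
	}
	aead, err := sealer(first, secondPub)
	if err != nil {
		return nil, nil, err
	}
	random := make([]byte, codeLen+ivLen) // check random code, then GCM nonce
	if _, err := rand.Read(random); err != nil {
		return nil, nil, err
	}
	code, iv := random[:codeLen:codeLen], random[codeLen:]
	credential := append(append(append([]byte{}, feature...), code...), startTS...)
	auth := append(first.PublicKey().Bytes(), iv...)
	return aead.Seal(auth, iv, credential, nil), code, nil
}

// ServerVerify (server) decrypts, checks timestamp and device library, returns the check random code.
func ServerVerify(second *ecdh.PrivateKey, library map[string]bool, auth, submittedTS []byte) ([]byte, error) {
	if len(auth) < pubLen+ivLen {
		return nil, errors.New("authentication information too short")
	}
	firstPub, err := ecdh.X25519().NewPublicKey(auth[:pubLen])
	if err != nil {
		return nil, err
	}
	aead, err := sealer(second, firstPub)
	if err != nil {
		return nil, err
	}
	credential, err := aead.Open(nil, auth[pubLen:pubLen+ivLen], auth[pubLen+ivLen:], nil)
	if err != nil || len(credential) != featLen+codeLen+tsLen {
		return nil, errors.New("ciphertext rejected")
	}
	feature, code, ts := credential[:featLen], credential[featLen:featLen+codeLen], credential[featLen+codeLen:]
	if subtle.ConstantTimeCompare(ts, submittedTS) != 1 {
		return nil, errors.New("start timestamp mismatch")
	}
	if !library[string(feature)] {
		return nil, errors.New("device not in authorized library")
	}
	return code, nil
}

// DeviceConfirm compares the returned check random code with the cached one.
func DeviceConfirm(cached, returned []byte) bool { return subtle.ConstantTimeCompare(cached, returned) == 1 }

func main() {
	second, err := NewServerKey()
	if err != nil {
		panic(err)
	}
	ts := []byte{0x07, 0xE5, 0x0B, 0x09} // constructed four-byte start timestamp
	auth, cached, err := DeviceBuildAuth(second.PublicKey(), []byte("PLAYER01"), ts)
	if err != nil {
		panic(err)
	}
	code, err := ServerVerify(second, map[string]bool{"PLAYER01": true}, auth, ts)
	fmt.Println("authenticated:", err == nil && DeviceConfirm(cached, code))
}
```

The check random code is returned only after the GCM tag, the timestamp comparison and the library lookup all pass. Production designs normally pass the raw shared key through a KDF such as HKDF instead of taking a segment of it directly.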
The terminal device authentication method provided for the purposes of the application comprises the following steps:
transmitting a start timestamp to a playing device electrically connected to the current terminal device, so as to cause the playing device to return authentication information, wherein the authentication information comprises a first public key generated by the playing device and a ciphertext obtained by encrypting credential information with a symmetric key, the credential information comprises the device feature code of the playing device, a check random code and the start timestamp, and the symmetric key is generated from the first private key corresponding to the first public key and a second public key distributed in advance by a server;
attaching the start timestamp to the authentication information and submitting both to the server for authentication;
and, after the server has passed the authentication based on the authentication information and the start timestamp, sending the notification message provided by the server, which contains the check random code, to the playing device, so as to cause the playing device to store the service life information of the online user of the current terminal device, wherein the service life information limits the period during which the playing device may access the multimedia files stored on it.
In a further embodiment, the step of transmitting the start timestamp to the playing device electrically connected to the local device comprises the following steps:
in response to an access event of the playing device, obtaining from a cache the check random code associated with the playing device, for verification by the playing device;
and transmitting the start timestamp to the playing device when the playing device returns a notification message of successful verification.
A playing device authentication apparatus provided for the purposes of the application comprises:
a timestamp receiving module, configured to receive a start timestamp transmitted by a terminal device electrically connected to the current playing device;
a key generation module, configured to generate a first private key and a corresponding first public key, and to generate a symmetric key from the first private key and a pre-stored second public key, wherein the second private key corresponding to the second public key is held by the server;
a ciphertext construction module, configured to encrypt credential information with the symmetric key to obtain a corresponding ciphertext, wherein the credential information comprises the device feature code of the current playing device, a check random code and the start timestamp;
a server authentication module, configured to construct authentication information from the ciphertext and the first public key, which the terminal device submits, together with the start timestamp, to the server holding the second private key for authentication;
and an authentication completion module, configured to confirm that the terminal device returns the check random code indicating successful authentication and to store service life information that limits the period during which the current playing device may access the multimedia files stored on it.
A server device authentication apparatus provided for the purposes of the application comprises:
an authentication preparation module, configured to acquire authentication information and a start timestamp submitted by a terminal device, wherein the authentication information comprises a first public key generated by a playing device electrically connected to the terminal device and a ciphertext obtained by encrypting credential information with a symmetric key, the credential information comprises the device feature code of the playing device, a check random code and the start timestamp, and the symmetric key is generated from the first private key corresponding to the first public key and a second public key distributed in advance by the server;
a ciphertext decryption module, configured to decrypt the ciphertext using the first public key and the second private key, held by the server, that corresponds to the second public key, to obtain the credential information;
a timestamp checking module, configured to verify that the start timestamp submitted by the terminal device is consistent with the start timestamp in the decrypted credential information;
a device checking module, configured to verify the legitimacy of the device feature code against a preset authorized device library and to confirm that the corresponding playing device is a legitimate device;
and a notification forwarding module, configured to send, after the verification passes, a notification message indicating successful authentication to the terminal device so that the terminal device forwards the notification message to the playing device, wherein the notification message comprises the check random code.
A terminal device authentication apparatus provided for the purposes of the application comprises:
an authentication information interaction module, configured to transmit a start timestamp to a playing device electrically connected to the current terminal device, so as to cause the playing device to return authentication information, wherein the authentication information comprises a first public key generated by the playing device and a ciphertext obtained by encrypting credential information with a symmetric key, the credential information comprises the device feature code of the playing device, a check random code and the start timestamp, and the symmetric key is generated from the first private key corresponding to the first public key and a second public key distributed in advance by a server;
a server authentication module, configured to attach the start timestamp to the authentication information and submit both to the server for authentication;
and an authentication completion module, configured to send, after the server has passed the authentication based on the authentication information and the start timestamp, the notification message provided by the server, which contains the check random code, to the playing device, so as to cause the playing device to store the service life information of the online user of the current terminal device, wherein the service life information limits the period during which the playing device may access the multimedia files stored on it.
A computer device adapted to one of the objects of the present application is provided, comprising a central processing unit and a memory, said central processing unit being adapted to invoke execution of a computer program stored in said memory to perform the steps of the device authentication method described in the present application.
A computer-readable storage medium, which stores in the form of computer-readable instructions a computer program implemented according to the device authentication method described, which, when invoked by a computer, performs the steps comprised by the method.
A computer program product adapted for another purpose of the present application is provided, comprising computer program/instructions which, when executed by a processor, implement the steps of the device authentication method described in any one of the embodiments of the present application.
Compared with the prior art, the application has the following advantages:
Firstly, the application uses a software encryption algorithm and relies on the terminal device to coordinate the playing device and the server in encrypting and decrypting the authentication data over the network, so that authorization of the playing device is verified securely and reliably. Compared with the hardware decryption approach of the prior art, it offers strong operability, convenient authentication, easy maintenance and lower cost. Through the terminal device connected to it, an authorized playing device can carry out authentication, downloading, importing and exporting of licensed multimedia files across the whole service chain, which is very efficient.
Secondly, in the application, a second private key and a corresponding second public key are generated in advance by a server, the second private key is stored, the corresponding second public key is distributed to a playing device, when authentication communication starts, the playing device temporarily generates a first private key and a corresponding first public key each time, the first private key is stored, the second public key is distributed to the server, the same shared secret key can be obtained by the server and the playing device through a secret key negotiation algorithm, and then the two parties obtain the same symmetric secret key through a pre-protocol mode for symmetric encryption and decryption. Furthermore, when the server and the playback device obtain the symmetric key, the first private key and the first public key that are temporarily generated can be correspondingly deleted, and then even if the two parties receive an attack to obtain the second public key and the second private key, the symmetric key cannot be obtained to decrypt the ciphertext, so that the security of the current authentication communication is further improved.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
Fig. 1 is a schematic flowchart of an exemplary embodiment of the playing device authentication method of the present application;
Fig. 2 is a schematic flowchart of the playing device generating a symmetric key in an embodiment of the present application;
Fig. 3 is a schematic flowchart of the playing device generating a ciphertext by encryption in an embodiment of the present application;
Fig. 4 is a schematic flowchart of reverse authentication of the playing device in an embodiment of the present application;
Fig. 5 is a schematic flowchart of a playing device with weaker decryption capability playing a multimedia file in an embodiment of the present application;
Fig. 6 is a schematic flowchart of a playing device with stronger decryption capability playing a multimedia file in an embodiment of the present application;
Fig. 7 is a schematic flowchart of an exemplary embodiment of the server device authentication method of the present application;
Fig. 8 is a schematic flowchart of the server decrypting a ciphertext in an embodiment of the present application;
Fig. 9 is a schematic flowchart of an exemplary embodiment of the terminal device authentication method of the present application;
Fig. 10 is a schematic flowchart of cache authentication and transmission of the start timestamp in an embodiment of the present application;
Fig. 11 shows, from left to right, schematic block diagrams of exemplary embodiments of the playing device, server device and terminal device authentication apparatuses of the present application;
Fig. 12 is a schematic structural diagram of a computer device used in the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
It will be understood by those within the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
As will be appreciated by those skilled in the art, "client," "terminal," and "terminal device" as used herein include both devices that are wireless signal receivers, which are devices having only wireless signal receivers without transmit capability, and devices that are receive and transmit hardware, which have receive and transmit hardware capable of two-way communication over a two-way communication link. Such a device may include: cellular or other communication devices such as personal computers, tablets, etc. having single or multi-line displays or cellular or other communication devices without multi-line displays; PCS (Personal Communications Service), which may combine voice, data processing, facsimile and/or data communication capabilities; a PDA (Personal Digital Assistant), which may include a radio frequency receiver, a pager, internet/intranet access, a web browser, a notepad, a calendar and/or a GPS (Global Positioning System) receiver; a conventional laptop and/or palmtop computer or other device having and/or including a radio frequency receiver. As used herein, a "client," "terminal device" can be portable, transportable, installed in a vehicle (aeronautical, maritime, and/or land-based), or situated and/or configured to operate locally and/or in a distributed fashion at any other location(s) on earth and/or in space. The "client", "terminal Device" used herein may also be a communication terminal, a web terminal, a music/video playing terminal, such as a PDA, an MID (Mobile Internet Device) and/or a Mobile phone with music/video playing function, and may also be a smart tv, a set-top box, and the like.
The hardware referred to by the names "server", "client", "service node", etc. is essentially an electronic device with the capabilities of a personal computer: a hardware device having the necessary components disclosed by the von Neumann principle, such as a central processing unit (including an arithmetic unit and a controller), a memory, an input device and an output device. A computer program is stored in the memory, and the central processing unit loads the program from external memory into internal memory, executes the instructions in the program, and interacts with the input and output devices, thereby completing a specific function.
It should be noted that the concept of "server" as referred to in this application can be extended to the case of a server cluster. According to the network deployment principle understood by those skilled in the art, the servers should be logically divided; in physical space, the servers may be independent of each other but callable through an interface, or may be integrated into one physical computer or one computer cluster. Those skilled in the art will appreciate this variation, which should not be taken to restrict the implementation of the network deployment of the present application.
One or more technical features of the present application, unless expressly specified otherwise, may be deployed on a server and accessed by a client remotely invoking an online service interface provided by a capture server, or may be deployed and run directly on the client.
The neural network models referenced or potentially referenced in this application, unless expressly specified otherwise, may be deployed on a remote server and invoked remotely by the client, or deployed on and invoked directly by a client with sufficient device capability. Those skilled in the art will appreciate that a device can serve as the model training device and the model running device for the neural network model as long as its operating resources are suitable. In some embodiments, when the model runs on the client, its corresponding intelligence can be obtained through transfer learning, which reduces the requirement on the client's hardware resources and avoids occupying them excessively.
Various data referred to in the present application may, unless expressly specified otherwise, be stored remotely in a server or in a local terminal device, as long as the data is suitable for being called by the technical solution of the present application.
Those skilled in the art will understand that although the various methods of the present application are described based on the same concept and are therefore common to each other, they may be performed independently unless otherwise specified. In the same way, each embodiment disclosed in the present application is proposed based on the same inventive concept, so concepts expressed in the same way, and concepts whose expressions differ only because they were changed for convenience, should be understood as equivalent.
The embodiments disclosed herein can be flexibly constructed by combining the related technical features of the embodiments, unless a mutually exclusive relationship between those features is expressly stated, as long as the combination does not depart from the inventive spirit of the present application and can meet the needs of the prior art or remedy its deficiencies. Those skilled in the art will appreciate such variations.
The various device authentication methods of the present application can be programmed as computer program products, and are implemented by being deployed in terminal devices, playback devices, and servers.
Referring to fig. 1, in an exemplary embodiment of a playback device authentication method disclosed in the present application, the method includes steps S1100 to S1500, which are as follows:
Step S1100, receiving a start timestamp transmitted by a terminal device electrically connected with the current playing device;
The terminal device is electrically connected to the current playing device and uses the OTG function to transmit the start timestamp data to the playing device.
The start timestamp data is a start timestamp obtained by accessing the server device corresponding to the APP preloaded on the terminal device. In an exemplary embodiment, the start timestamp is four bytes of data and represents year, month and day respectively.
The OTG function, whose full name is USB On-The-Go, is usually found on terminal devices such as tablets and mobile phones. It allows such a terminal device to act as the host, with other USB devices (such as a USB flash drive or a playing device) connected to it as USB peripherals through an OTG adapter cable. A data transmission channel between the terminal device and the USB peripheral is thereby established through the OTG function, and the data of the USB peripheral can be read and written directly. The OTG cable is generally a data cable electrically connecting the terminal device and the USB peripheral; the interface at the terminal device end is generally Type-C, Micro USB or Lightning, and the interface at the USB peripheral end is generally Type-C, Micro USB or USB 2.0/3.0/3.1.
Step S1200, correspondingly generating a first private key and a first public key, and generating a symmetric key according to the first private key and a pre-stored second public key, wherein the second private key corresponding to the second public key is held by a server;
The server generates a second public key PubkeyA and a second private key PrikeyA in advance through a pre-agreed asymmetric encryption algorithm and pre-allocates the second public key PubkeyA to the playing device (normally, allocation is completed when the playing device leaves the factory); the corresponding second private key PrikeyA is marked as associated with the second public key PubkeyA and stored in the server.
After receiving the start timestamp, the playing device starts the authentication service logic. Driven by this logic, the playing device likewise generates a first private key PrikeyB using the asymmetric encryption algorithm pre-agreed with the server, generates the corresponding first public key PubkeyB, and can subsequently distribute the first public key PubkeyB to the server. The server and the playing device thus each hold the public key generated by the other side together with their own private key. Both sides compute the same shared key through the ECDH key agreement algorithm, process the shared key in the same way to obtain the same symmetric key, and finally use that symmetric key to symmetrically encrypt and decrypt the credential information, thereby realizing secure communication.
A symmetric encryption algorithm is also called a shared key encryption algorithm. In a symmetric encryption algorithm only one key is used, and the sending and receiving sides use the same key to encrypt and decrypt data. This requires both the encrypting and decrypting parties to know the encryption key in advance.
An asymmetric encryption algorithm is also called a public key encryption algorithm. It requires two keys: a public key and a private key.
Step S1300, encrypting credential information with the symmetric key to obtain a corresponding ciphertext, wherein the credential information comprises a device feature code, a device MAC address, a check random code and the start timestamp of the current playing device;
The playing device computes a shared key by combining the second public key PubkeyA, distributed by the server in advance, with the first private key PrikeyB that it generated itself, and truncates the shared key in the manner pre-agreed with the server to obtain the corresponding symmetric key. The playing device then encrypts the credential information with the symmetric key, using the symmetric encryption algorithm pre-agreed with the server, to obtain the corresponding ciphertext.
The credential information mainly includes the device feature code, the device MAC address, the check random code and the start timestamp of the current playing device; in other embodiments, other components, such as the product feature code, may also be flexibly added.
The device feature code can be the device MAC address: each playing device has a unique MAC address, so the playing device can be identified accurately by its MAC address.
The check random code can be a check random code generated by the playing device; it serves as the check random code required for authentication checks among the multiple devices and can be stored in the cache of each device.
The start timestamp is the start timestamp that the playing device receives from the terminal device; it represents the point in time at which authentication between the current devices starts, and can likewise serve as one of the bases for authentication.
Step S1400, constructing the ciphertext and the first public key into authentication information, which, after the terminal device superimposes the start timestamp, is submitted to the server holding the second private key for corresponding authentication;
The server needs to derive the same symmetric key from the second private key it holds and the first public key of the playing device in order to symmetrically decrypt the ciphertext; for this purpose, the playing device needs to transmit the first public key it generated to the server together with the ciphertext.
The playing device may be hijacked and the start timestamp tampered with while it receives the start timestamp from the terminal device, or the playing device may be attacked while transmitting the ciphertext so that the ciphertext is decrypted and the start timestamp in it changed. To ensure the accuracy of the start timestamp, the terminal device therefore retrieves the start timestamp from its cache and transmits it to the server together with the authentication information, and the server compares the start timestamp in the decrypted ciphertext with the timestamp transmitted by the terminal device to check whether the two are the same.
Step S1500, confirming that the terminal device has returned the check random code representing successful authentication, and storing the lifetime information so as to restrict the validity period of the multimedia files stored in the current playing device.
The multimedia files are audio files or video files; the audio files include mp3, m4a, wma, ogg, aac, wav, ape and flac, and the video files include avi, dat, mkv, flv, vob and other formats.
The server decrypts the ciphertext to obtain the corresponding plaintext credential information, verifies the validity of the check random code and the device feature code in the credential information, and, once verification succeeds, returns the success information and the check random code to the terminal device.
The terminal device receives the authentication success reply and issues the check random code to the playing device for the next stage of authentication.
The playing device retrieves the check random code from its cache and compares it with the check random code returned by the terminal device. Once the two are confirmed to be the same random code, the playing device's reverse authentication succeeds and a handshake protocol with the terminal device is achieved; the check random code is kept in the cache so that the playing device can be authenticated quickly when it reconnects to the terminal device within a certain time.
After the authentication succeeds, the playing device performs the check-in operation with the multimedia APP loaded on the terminal device and generates a report date file on the playing device, recording the lifetime information and the privilege use period of the user account. Once generated, the report date file is stored in a storage medium of the playing device. The lifetime information comprises the check-in date and the valid time; within the valid time the playing device has the authority to call and store the multimedia files, and once the valid time is exceeded the playing device needs to be connected to the terminal device through OTG for re-authentication in order to obtain the authority again.
The privilege use period of the user account is the privilege use period of the current user account, acquired by the terminal device by accessing the server, and is used to limit the privilege-related multimedia files that the playing device may call within the current privilege use period. In a specific application, it can represent the privilege use period corresponding to a VIP user.
This exemplary embodiment shows the advantages of the present application: through a software encryption algorithm, with the terminal device coordinating the playing device and the server, the corresponding authentication data is encrypted and decrypted over the network, so that authorization of the playing device is verified safely and reliably. Through the terminal device connected to it, an authorized playing device can perform operations such as authentication, downloading, importing and exporting of legitimate multimedia files across the full service chain, which is very efficient.
Furthermore, the server generates a second private key and a corresponding second public key in advance, stores the second private key and distributes the second public key to the playing device. Each time authentication communication starts, the playing device temporarily generates a first private key and a corresponding first public key, stores the first private key and distributes the first public key to the server, so that the server and the playing device can obtain the same shared key through a key agreement algorithm, and both sides then derive the same symmetric key in a pre-agreed manner for symmetric encryption and decryption. Moreover, once the server and the playing device have obtained the symmetric key, the temporarily generated first private key and first public key can be deleted, so that even if the two parties are attacked and the second public key and the second private key are obtained, the symmetric key cannot be obtained to decrypt the ciphertext, which further improves the security of the current authentication communication.
Referring to fig. 2, in a further embodiment, the step of correspondingly generating a first private key and a first public key and generating a symmetric key according to the first private key and a pre-stored second public key, the second private key corresponding to the second public key being held by a server, includes the following steps:
Step S1210, generating a temporary random number as the first private key, and computing the first public key corresponding to the first private key using the asymmetric encryption algorithm pre-agreed with the server;
The playing device generates the first private key PrikeyB and the corresponding first public key PubkeyB using the asymmetric encryption algorithm pre-agreed with the server. In this embodiment, the recommended asymmetric encryption algorithm is ECC, specifically using the P-192 elliptic curve of FIPS 186-2: a 24-Byte random number is temporarily generated as the first private key PrikeyB by a random number generation method, and the corresponding 48-Byte first public key PubkeyB is generated from the first private key PrikeyB and the generator parameter G of the elliptic curve.
Step S1220, calculating a shared key associated with the second public key and the first private key using a key agreement algorithm pre-agreed with the server;
The first private key PrikeyB and first public key PubkeyB, and the second private key PrikeyA and second public key PubkeyA, are two key pairs generated with the same ECC algorithm using the same elliptic curve equation and generator parameter G; that is, the playing device as the encrypting party and the server device as the decrypting party share common ECDH parameters before ECDH key agreement is performed between them. The playing device therefore takes the second public key PubkeyA generated by the server and, combining it with the first private key PrikeyB that it generated itself, computes the 24-Byte shared key DHkey. By the associative law of the elliptic curve, the server likewise uses the pre-agreed ECDH key agreement algorithm to obtain the same shared key DHkey from the corresponding public key and private key.
Step S1230, truncating a preset word length from the shared key as the symmetric key.
In this embodiment, in the manner pre-agreed between the playing device and the server device, the first 16 Bytes of the 24-Byte shared key DHkey are taken as the symmetric key Aesk, and the playing device encrypts the credential information with the symmetric key Aesk through the pre-agreed symmetric encryption algorithm to generate the corresponding ciphertext.
In this embodiment, the server uses the ECC asymmetric encryption algorithm to generate a second private key and a corresponding second public key in advance and allocates the second public key to the playing device in advance; the two parties store the second public key and the second private key in their respective storage media. To obtain the corresponding symmetric key through the ECDH key agreement algorithm, the playing device temporarily generates the required first private key and corresponding first public key using the pre-agreed ECC asymmetric encryption algorithm and distributes the first public key to the server. After the two parties have negotiated the shared key, the first private key and the corresponding first public key can each be deleted. Because the first private key and first public key are temporary, even if the second private key and second public key are obtained through an attack, they cannot be combined with the first private key and first public key through the ECDH algorithm to decrypt the ciphertext. The encryption and decryption operations thus rest on a sound basis, and information security between the server and the playing device is ensured.
Referring to fig. 3, in a further embodiment, the step of encrypting credential information with the symmetric key to obtain a corresponding ciphertext, where the credential information includes a device feature code, a check random code and the start timestamp of the current playing device, includes the following steps:
Step S1310, generating a check random code;
The playing device generates an 8-Byte random number as the check random code by a random number generation method.
Step S1320, constructing the credential information by splicing according to the pre-agreed order and the pre-agreed word lengths, so that the credential information includes the device feature code, the check random code and the start timestamp of the current playing device;
The 6-Byte device feature code (that is, the MAC address), the 4-Byte start timestamp, the 8-Byte check random code and the 4-Byte product feature code PID are spliced in sequence to form 22 Bytes of plaintext credential information, which is padded to 32 Bytes by appending zeros.
Step S1330, encrypting the credential information with the symmetric key to obtain a corresponding ciphertext.
The playing device uses the AES encryption algorithm pre-agreed with the server: the plaintext credential information and the symmetric key Aesk are input as parameters of the AES encryption function, and the function outputs a 32-Byte ciphertext. AES is a symmetric encryption algorithm in which the same symmetric key is used to encrypt the plaintext and to decrypt the corresponding ciphertext.
If the credential information were transmitted directly over the network, it could be obtained by packet capture during transmission and, being unencrypted, read directly. In this embodiment, by contrast, the playing device calls the AES encryption algorithm to symmetrically encrypt the credential information into the corresponding ciphertext, which effectively increases the difficulty of obtaining the credential content and provides strong, reliable protection for the credential information.
Referring to fig. 4, in a preferred embodiment, the step of confirming that the terminal device has returned the check random code representing successful authentication and storing the lifetime information, so as to restrict the lifetime of the multimedia files called and stored in the current playing device, includes the following steps:
Step S1510, receiving the notification message returned by the terminal device, and extracting the check random code from it;
The playing device generally communicates using the SCSI protocol over USB Bulk-Only transport; that is, SCSI commands are packed in Bulk data packets and sent to the playing device by the host. The playing device and the terminal device therefore agree in advance on the SCSI commands, the data structure and the reply codes of the CBW packet used during communication, so that requests and replies can be exchanged between the devices. The reply and request formats for the same command word are essentially the same, which makes the data convenient for the playing device to process and lets one data structure represent both reply and request.
Communicating with the terminal device over the pre-agreed SCSI protocol, the playing device receives a reverse authentication request with command word 121 together with the transmitted check random code.
Step S1520, comparing the check random code with the check random code cached by the current playing device, and confirming that the authentication is successful when the two are consistent;
The playing device generates a check random code and stores it in the cache when it receives the authentication request with command word 120 sent by the terminal device, and takes the check random code out of the cache when it receives the reverse authentication request with command word 121 sent by the terminal device.
Reverse authentication is performed by comparing the check random code in the cache of the playing device with the check random code issued by the terminal device. If the two are consistent, the reverse authentication succeeds and the device sends the terminal device a reverse authentication success reply with command word 121; otherwise the reverse authentication fails and the device sends a reverse authentication failure reply with command word 121 and the corresponding reply code.
Step S1530, after the authentication is successful, receiving the lifetime information issued by the terminal device and storing it in the storage medium of the current playing device, where the lifetime information includes current date information, valid lifetime information of the current playing device, and privilege lifetime information of the current online user associated with the terminal device.
After receiving the reverse authentication success reply with command word 121, the terminal device achieves the handshake protocol with the playing device, and the playing device receives the lifetime information and generates a corresponding file stored in the memory. The current date is the check-in time on the terminal device after the handshake; the valid lifetime information of the current device is the valid time of the handshake protocol; and the privilege use period of the user account is the privilege use period of the current user account, acquired by the terminal device by accessing the server, which is used to limit the privilege-related multimedia files that the playing device may access within the current privilege use period.
In this embodiment, the playing device achieves a handshake protocol with the terminal device through reverse authentication and is then allowed to perform operations on multimedia files through requests and replies exchanged with the terminal device, so that the interaction permissions between the playing device and the terminal device are opened in a safe and sound manner. The playing device can then accurately control its authority to call the related multimedia files in storage according to the lifetime information.
Referring to fig. 5, in a preferred embodiment, the following steps are performed after the step of confirming that the terminal device has returned the check random code representing successful authentication and storing the lifetime information so as to restrict the lifetime for which the current playing device may call the multimedia files stored in it:
Step S1600, receiving and storing a multimedia file transmitted by the terminal device, wherein the multimedia file is an unencrypted file;
Because different playing devices differ in decoding capability, a playing device with weaker decoding capability can only store and play non-encrypted multimedia files.
In one embodiment, the playing device and the terminal device achieve a handshake protocol through authentication, and the playing device sends the terminal device a request to download a multimedia file. The terminal device responds to the request, accesses the server to obtain the multimedia file download link in the request, downloads the file over the network with the download storage address set to the storage address corresponding to the playing device, and the playing device receives and stores the multimedia file through its OTG connection with the terminal device.
In another embodiment, the playing device and the terminal device achieve a handshake protocol through authentication, and the playing device sends the terminal device a request to download a multimedia file. The terminal device responds to the request, retrieves from its memory the requested multimedia files that were downloaded in advance, packs them into data packets and sends the data packets to the playing device; the playing device receives the data packets and stores the multimedia files they contain.
Step S1601, storing the multimedia file into a hidden partition of a storage medium of the current playing device;
The hidden partition is a partition that the playing device divides off in its storage medium and that can be identified only through a certain protocol. The multimedia file is stored in the hidden partition, and the file information attached to each multimedia file stored there is recorded in an information record file. This file is stored in the same directory level as the multimedia file and comprises the check-in time, the lifetime, detailed information on the multimedia file and md5 data.
The check-in time is corrected and updated by the start timestamp issued through the authentication between the playing device and the terminal device.
Step S1602, in response to a playing instruction acting on the multimedia file, checking the validity of the lifetime information, and playing the corresponding multimedia file when the check passes.
In response to a playing instruction for the multimedia file, the playing device system looks up the md5 data corresponding to the multimedia file in the information record file of the hidden partition and calculates a hash value of each multimedia file to be played using the MD5 algorithm as its md5 data. The data over which the hash value is calculated may comprise the multimedia file and its related information, including the storage date, the lifetime and the like, and is set flexibly as needed. After the hash value is calculated, it is compared with the recorded md5 data of the multimedia file; if the two are consistent the multimedia file is allowed to be played, otherwise it is not.
The MD5 data is character string data formed from a 16-byte random number generated by the MD5 algorithm when the multimedia file is downloaded, and the MD5 data corresponding to each multimedia file is different.
Compared with the tedious operation of exporting a multimedia file on a computer and importing it into the playing device, in this embodiment the playing device completes reverse authentication to form a handshake protocol with the terminal device and, once a safe and reliable data communication channel has been established between the two, downloads the multimedia file through the terminal device, which is simpler and more convenient and ensures the security of the multimedia file during data transmission. In addition, the MD5 algorithm is used to calculate md5 data for each multimedia file as a check identifier, so that the validity of the corresponding multimedia file can be checked quickly and accurately against that identifier.
Referring to fig. 6, in a preferred embodiment, the following steps are performed after the step of confirming that the terminal device has returned the check random code representing successful authentication and storing the lifetime information so as to restrict the lifetime for which the current playing device may call the multimedia files stored in it:
Step S1610, receiving and storing a multimedia file transmitted by the terminal device, wherein the multimedia file is an encrypted file;
Because different playing devices differ in decoding capability, a playing device with strong decoding capability can store the encrypted multimedia file directly, without dividing off an additional storage partition, and can play the encrypted multimedia file by decrypting it with a corresponding decryption library.
In one embodiment, the encrypted multimedia file is a file in the kgm encryption format, and a dedicated decryption library performs an exclusive-or calculation so that the multimedia file is quickly decrypted and restored.
In another embodiment, the playing device and the terminal device form a handshake protocol, and the playing device sends the terminal device a request to download a multimedia file. The terminal device responds to the request, retrieves from its memory the requested multimedia file that was downloaded in advance, encrypts it, packs it into a data packet and sends the data packet to the playing device; the playing device receives the data packet and decrypts and stores the encrypted multimedia file.
Step S1611, storing the multimedia file in a storage medium of the current playing device;
The encrypted multimedia file is stored in the internal memory of the playing device; the playing device system calls the corresponding decryption library to decrypt the encrypted multimedia file and restore it, transfers the multimedia file to the hard disk of the playing device, and writes the file information of the multimedia file into the information record file.
The information record file is a file generated by the playing device. It is stored in the same directory as the multimedia file, and its contents are the check-in time, the lifetime, detailed information on the multimedia file and md5 data.
The check-in time is corrected and updated by the start timestamp issued through the authentication between the playing device and the terminal device.
Step S1612, in response to a playing instruction acting on the multimedia file, checking the validity of the lifetime information, and decrypting and playing the corresponding multimedia file when the check passes.
In response to a playing instruction for the multimedia file, the playing device system uses the MD5 algorithm to calculate the md5 data corresponding to the media file and compares it with the md5 data recorded for that multimedia file in the information record file on the hard disk. If the two are the same, the check passes and the corresponding multimedia file is played; if they differ, the check fails and the corresponding multimedia file cannot be played.
In this embodiment, the playing device and the terminal device achieve a handshake protocol, and the encrypted multimedia file is transmitted only after a secure and reliable data communication channel has been established between them, which increases the difficulty of obtaining the multimedia source file and provides a strong guarantee for the data security of the multimedia file.
Referring to fig. 7, in an exemplary embodiment of a server device authentication method disclosed in the present application, the method includes steps S2100 to S2500 as follows:
step S2100, obtaining authentication information and a start timestamp submitted by a terminal device, where the authentication information includes a first public key generated by a playback device electrically connected to the terminal device and a ciphertext obtained by encrypting credential information with a symmetric key, where the credential information includes a device feature code, a check random code, and the start timestamp of the playback device, and the symmetric key is generated in association with a first private key corresponding to the first public key and a second public key pre-allocated by a server;
The server generates a second private key PrikeyA and the corresponding second public key PubkeyA with an asymmetric encryption algorithm pre-agreed with the playing device. The asymmetric encryption algorithm is an ECC algorithm, executed on the elliptic curve P-192 from FIPS 186-2: a 24-byte random number is temporarily generated by a random number generation method as the second private key PrikeyA, and the corresponding 48-byte second public key PubkeyA is generated from PrikeyA and the elliptic curve generator parameter G. The server allocates PubkeyA to the playing device in advance and stores the associated second private key PrikeyA in memory.
The terminal device obtains its start timestamp by accessing the server before authentication. It now sends that start timestamp to the server so that it can be compared with the start timestamp contained in the ciphertext.
Step S2200, decrypting the ciphertext according to a second private key corresponding to the second public key and the first public key held by the server, and obtaining the credential information;
The first private key PrikeyB and first public key PubkeyB, and the second private key PrikeyA and second public key PubkeyA, are two key pairs generated with the same ECC algorithm using the same elliptic curve equation and generator parameter G. That is, before the playing device (the encrypting party) performs ECDH key agreement with the server device (the decrypting party), both parties hold common ECDH shared parameters. The server therefore uses the pre-agreed ECDH key agreement algorithm to calculate the 24-byte shared key DHkey from the first public key PubkeyB generated by the playing device and the second private key PrikeyA held by the server. By the elliptic curve combination law, this DHkey is the same as the DHkey the playing device generated when producing the ciphertext. The server then derives the corresponding symmetric key from DHkey; the symmetric key obtained by the server is the same as the one the playing device used for encryption, so the ciphertext can be decrypted with the pre-agreed AES symmetric encryption algorithm to obtain the credential information.
Step S2300, verifying and confirming that the starting timestamp submitted by the terminal equipment is consistent with the starting timestamp in the decrypted certificate information;
The server device takes the start timestamp from the decrypted credential information and XORs it with the start timestamp sent by the terminal device. If the calculation result is 1, the two start timestamps are the same and the check result is consistent; if the calculation result is not 1, the two start timestamps are different and the check result is inconsistent.
Step S2400, verifying the validity of the device feature code according to a preset authorized device library, and confirming that the corresponding playing device is a valid device;
The server device obtains the device feature code (and, in some embodiments, the PID) from the decrypted credential information. The PID is a product identification code; each playing device product can be allocated the unique identification code of the corresponding playing device when leaving the factory. The server can therefore quickly locate the model series of the playing device in the authorized device library by its PID, and then check whether a MAC address identical to the device feature code exists under that PID in the authorized device library. If it exists, the MAC address is a legal address and the corresponding playing device is confirmed to be a legal device; if it does not exist, the MAC address is an illegal address and the corresponding playing device is confirmed to be an illegal device.
And step S2500, after the verification is passed, sending a notification message representing successful authentication to the terminal equipment, so that the terminal equipment forwards the notification message to the playing equipment, wherein the notification message comprises the check random code.
If the server verifies that the start timestamps are the same and that the device feature code is legal, it sends a notification message of successful authentication to the terminal device as a reply and returns the check random code obtained by decrypting the ciphertext. The terminal device communicates with the playing device using the SCSI protocol: it sends a reverse authentication request with command word 121 and delivers the check random code required for the reverse authentication to the playing device.
In this embodiment, the server uses the ECC asymmetric encryption algorithm to generate a second private key and the corresponding second public key, derives from the second private key and the first public key the same symmetric key that the playing device used for encryption, decrypts with that symmetric key using the AES symmetric encryption algorithm to obtain the credential information, and then verifies the start timestamp and the device feature code it contains. The security of the credential information is ensured.
Referring to fig. 8, in a further embodiment, the method for obtaining the credential information by decrypting the ciphertext according to a second private key corresponding to the second public key and the first public key held by the server includes the following steps:
step S2210, calculating a shared key associated with a second private key corresponding to the second public key held by the server and the first public key of the terminal device by using a key agreement algorithm pre-agreed with the playback device;
The server and the playing device pre-agree to obtain the shared key through the ECDH key agreement algorithm. Specifically, using shared ECDH parameters, each party generates its own private key and corresponding public key; the two parties then exchange public keys, and each calculates the same shared key with the key agreement algorithm from its own private key and the public key obtained from the other party.
The shared ECDH parameters are the ECC asymmetric encryption algorithm and the set of parameters it requires, as pre-agreed between the server and the playing device, namely the same elliptic curve equation and generator parameter G.
Therefore, using the ECDH key agreement algorithm, the server calculates, from the second private key PrikeyA that it generated and the first public key PubkeyB that the playing device generated and the terminal device forwarded, a shared key identical to the one the playing device used to derive the symmetric key for encryption.
Step S2220, intercepting a preset word length from the shared secret key as a symmetric secret key;
The server obtains the symmetric key in the same way as the playing device: the first 16 bytes of the 24-byte shared key DHkey are taken as the symmetric key Aeskey. As described above, the server and the playing device hold the same shared key DHkey and derive the symmetric key from it in the same manner, so their symmetric keys are also the same.
And step S2230, decrypting the ciphertext by using the symmetric key to obtain corresponding credential information.
Because the symmetric keys of the playing device and the server are the same, when the playing device encrypts the credential information into a corresponding ciphertext by using the symmetric key through an AES symmetric encryption algorithm, the corresponding server can correspondingly decrypt the ciphertext by using the symmetric key through the AES symmetric encryption algorithm to obtain the credential information.
In this embodiment, both the playing device and the server use the ECDH key agreement algorithm with the same base point G each time, which avoids frequently regenerating G, an operation that would occupy a large amount of CPU memory. For each authentication session the playing device can temporarily generate a random number as the first private key and generate the corresponding first public key, so the shared key differs for every session. Even if the first private key and the second public key are obtained through an attack, only that authentication session is affected; the content of earlier authentication sessions is not, which improves forward security. For further safety, after the shared key has been negotiated with the ECDH key agreement algorithm, the playing device and the server can delete the temporarily generated first private key and first public key from memory; the ciphertext then cannot be decrypted even if both sides are attacked and the second public key and second private key are obtained. This further improves security, and the symmetric key used for encryption and decryption is generated from the shared key within a limited time and space.
Referring to fig. 9, in an exemplary embodiment of a terminal device authentication method disclosed in the present application, the method includes steps S3100 to S3300, which are as follows:
step S3100, transmitting a start timestamp to a playing device electrically connected to a current terminal device to control the playing device to return authentication information, where the authentication information includes a first public key generated by the playing device and a ciphertext obtained by encrypting credential information with a symmetric key, the credential information includes a device feature code, a check random code, and the start timestamp of the playing device, and the symmetric key is generated by associating a first private key corresponding to the first public key and a second public key pre-allocated by a server;
The terminal device exchanges data with the playing device through its OTG function and performs request and reply operations using custom SCSI commands. Communication between the terminal device and the playing device follows a single-step rule: except for the special Non-Response Request and data stream transmission modes, every exchange uses the Request -> Response pattern. A Request and its Response are matched through Byte[3] (command word) and Byte[5] (Seq Num); if the Response does not match, the Request is retransmitted with the Seq Num unchanged. If no Response is received within 2 seconds of sending the Request, the Request is considered to have timed out and is retransmitted; if no Response is received after more than 3 retransmissions of the Request, an error is reported and no further attempt is made.
The terminal device and the playing device pre-agree on a SCSI command with command word 120. The terminal device sends a request with command word 120, together with the start timestamp, to the playing device. The playing device receives and responds to the request, completes construction of the authentication information, and initiates a reply with command word 120 that returns the PID required for authentication and the first public key corresponding to the first private key to the terminal device.
The starting time stamp is obtained by a request which is initiated to a server by a multimedia APP loaded by the terminal equipment.
The authentication information is constructed as follows. The playing device generates a random number as the check random code and combines it with its own PID (product feature code), its device feature code (MAC address) and the start timestamp to build the credential information, padded with trailing zeros, as the plaintext. Using the first private key generated by the pre-agreed ECC algorithm and the second public key pre-allocated by the server, the playing device derives a symmetric key with the ECDH algorithm, and encrypts the plaintext with the AES algorithm under that symmetric key to obtain the corresponding ciphertext as authentication information.
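An added example, not the patent's code, of the Request/Response matching rule described above for step S3100: a response is accepted only when Byte[3] and Byte[5] equal those of the request, and the same frame is resent on a timeout or mismatch. The 6-byte header length, the reading of the limit as one initial send plus up to 3 retransmissions, the `exchange` callback and the scripted device are assumptions constructed for the illustration.

```python
CMD_OFFSET = 3        # Byte[3]: command word (from the description)
SEQ_OFFSET = 5        # Byte[5]: Seq Num (from the description)
HEADER_LEN = 6        # assumption: shortest header that contains Byte[5]
TIMEOUT_S = 2.0       # Request considered timed out after 2 seconds
MAX_RETRANSMITS = 3   # assumption: initial send + up to 3 retransmissions


class AuthTransportError(Exception):
    """Raised when no matching Response arrives after all retransmissions."""


def build_request(command_word, seq_num, payload=b""):
    """Build a request frame; bytes other than [3] and [5] are left as zero."""
    header = bytearray(HEADER_LEN)
    header[CMD_OFFSET] = command_word
    header[SEQ_OFFSET] = seq_num
    return bytes(header) + payload


def matches(request, response):
    """A Response matches only if command word and Seq Num both agree."""
    return (response is not None
            and len(response) > SEQ_OFFSET
            and response[CMD_OFFSET] == request[CMD_OFFSET]
            and response[SEQ_OFFSET] == request[SEQ_OFFSET])


def send_request(exchange, command_word, seq_num, payload=b""):
    """Send a Request and return (response, retransmissions_used).

    exchange(frame, timeout_s) must return the response bytes, or None when
    nothing arrived within timeout_s. The identical frame (same Seq Num) is
    resent on timeout or mismatch, so a stale reply is never accepted.
    """
    request = build_request(command_word, seq_num, payload)
    for attempt in range(1 + MAX_RETRANSMITS):
        response = exchange(request, TIMEOUT_S)
        if matches(request, response):
            return response, attempt
    raise AuthTransportError(
        "no matching Response for command word %d, Seq Num %d"
        % (command_word, seq_num))


class ScriptedDevice:
    """Constructed stand-in for the playing device; replays a fixed script."""

    def __init__(self, script):
        self.script = list(script)
        self.seen = []            # every frame the device received

    def exchange(self, frame, timeout_s):
        self.seen.append(frame)
        step = self.script.pop(0) if self.script else "timeout"
        if step == "timeout":
            return None
        reply = bytearray(frame[:HEADER_LEN])
        if step == "stale":       # reply that belongs to an earlier Seq Num
            reply[SEQ_OFFSET] = (reply[SEQ_OFFSET] - 1) % 256
        return bytes(reply)


if __name__ == "__main__":
    device = ScriptedDevice(["timeout", "stale", "ok"])
    start_timestamp = (1636500000).to_bytes(4, "big")   # constructed value
    response, retries = send_request(device.exchange, 120, 7, start_timestamp)
    print("accepted after", retries, "retransmissions:", response.hex())
```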
Step S3200, the authentication information is superposed with the starting timestamp and submitted to a server for authentication;
The terminal device forwards the stored start timestamp, the ciphertext returned by the playing device, the PID required for authentication and the first public key to the server. Using the second private key it generated in advance and the first public key, the server derives the symmetric key with the pre-agreed ECDH algorithm, decrypts the ciphertext with the AES algorithm under that symmetric key to obtain the credential information, and performs the authentication operation. If authentication is legal, it returns the check random code to the terminal device; if authentication fails, it returns an error code to the terminal device.
The authentication operation is a two-step verification. In the first step, the start timestamp in the credential information decrypted by the server is compared with the start timestamp transmitted by the terminal device; if they are consistent, the start timestamp in the credential information is a legal timestamp, otherwise it is an illegal timestamp. In the second step, the device feature code in the credential information decrypted by the server is compared with the device feature codes in the authorized device library preset on the server; if a consistent entry exists, the device feature code is legal, otherwise it is illegal. Authentication is legal only when both checks pass; if either check fails, authentication fails.
And step S3300, after the server passes the authentication according to the authentication information and the start timestamp, sending a notification message containing the check random code provided by the server to the playing device to control the playing device to store the service life information of the online user of the current terminal device, wherein the service life information is used for restricting the playing device to call the validity period of the multimedia file stored therein.
In one embodiment, the server decrypts the authentication information to obtain the corresponding credential information, authenticates the start timestamp and the device feature code it contains, and, once authentication is legal, sends the check random code together with an authentication success notification to the terminal device. The terminal device sends a request with command word 121, together with the check random code, to the playing device, and the playing device receives the request and performs the reverse authentication operation. If the reverse authentication succeeds, the handshake protocol with the terminal device is completed; the playing device generates a service life information file for the online user of the current terminal device and, according to the service life recorded in that file, obtains permission to download multimedia files through the terminal device and to call them within the service life.
In another embodiment, the server decrypts the authentication information to obtain the corresponding credential information, authenticates the start timestamp and the device feature code it contains, and returns an error code to the terminal device after the authentication fails.
In this embodiment, the terminal device performs the corresponding requests and replies through custom SCSI commands pre-agreed with the playing device, which standardizes the communication format of both parties, and it interacts with the server efficiently. It can be seen that the terminal device controls the playing devices in a reasonable way, reduces the load the playing devices would otherwise place on the server, ensures that the playing devices and the server execute the relevant operations in order and accurately, and improves robustness.
Referring to fig. 10, in a further embodiment, transmitting the start timestamp to the playing device electrically connected to the current terminal device includes the following steps:
step S3400, responding to the access event of the playing device, and acquiring a verification random code relative to the playing device from a cache for verification by the playing device;
The terminal device obtains from its cache the check random code that was issued for reverse authentication when it last completed the handshake protocol with a playing device, together with the MAC address of that playing device. The cached MAC address was obtained by the system when the terminal device was connected to the playing device; the MAC address of the currently connected playing device can be obtained in the same way. The terminal device compares the cached MAC address with the MAC address of the current playing device and, when they are consistent, sends a request with command word 124 to the current playing device with the check random code attached.
The request and reply with command word 124 form a custom SCSI command pre-agreed between the terminal device and the playing device. On receiving the 124 request issued by the terminal device, the playing device performs the reverse authentication operation. If the reverse authentication succeeds, it returns a reply notification with command word 124 indicating success to the terminal device, and the handshake protocol is completed; otherwise it returns an error code, and on receiving the error code the terminal device sends a request with command word 120 to the playing device.
In the reverse authentication, the playing device compares the check random code it cached when the handshake protocol was last completed with the check random code transmitted by the terminal device. If they are consistent, the reverse authentication succeeds; otherwise it fails.
Step S3500, when the playback device returns the notification message that the verification is successful, transmitting the start timestamp to the playback device.
The terminal device receives the reply notification with command word 124 indicating that the reverse authentication succeeded, accesses the server corresponding to the multimedia APP it has loaded to obtain a start timestamp, and sends the start timestamp to the playing device. The playing device receives the start timestamp and uses it to update the corresponding time in the service life information file of the online user of the current terminal device.
In this embodiment, the terminal device and the playing device each retrieve from storage the check random code of the most recently completed handshake protocol and compare them, so that the handshake protocol is completed quickly, the steps are reasonably simplified, and efficiency is improved.
Further, a playback device authentication apparatus of the present application may be constructed by functionalizing steps in the methods disclosed in the above embodiments, and according to this idea, please refer to fig. 11, wherein in an exemplary embodiment, the apparatus includes: the receiving timestamp module 1100 is configured to receive a start timestamp transmitted by a terminal device electrically connected to the current playback device; the key generation module 1200 generates a first private key and a first public key correspondingly, and generates a symmetric key according to the first private key and a pre-stored second public key, where the second private key corresponding to the second public key is held by the server; a ciphertext constructing module 1300, configured to encrypt credential information with the symmetric key to obtain a corresponding ciphertext, where the credential information includes an apparatus feature code, a check random code, and the start timestamp of a current playback apparatus; the server authentication module 1400 is configured to construct the ciphertext and the first public key as authentication information, and submit the authentication information to a server holding the second private key for corresponding authentication after the starting timestamp is superimposed by the terminal device; the authentication completion module 1500 confirms that the check random code representing the successful authentication is returned by the terminal device and stores the lifetime information for restricting the validity period of the multimedia file called and stored in the current playing device.
In a further embodiment, the key generation module 1200 includes:
the public and private key generation submodule generates a temporary random number as a first private key, and calculates and determines a first public key corresponding to the first private key by adopting an asymmetric encryption algorithm of a server pre-protocol; the shared key generation sub-module is used for calculating a shared key related to the second public key and the first private key by adopting a key negotiation algorithm pre-agreed with the server; and the symmetric key generation submodule intercepts a preset word length from the shared key to serve as a symmetric key.
In a further embodiment, the key generation module 1200 includes:
the check code generation submodule generates a check random code; the voucher information constructing submodule splices and constructs voucher information according to the pre-protocol sequence and the pre-protocol word length, so that the voucher information comprises the equipment feature code, the check random code and the starting timestamp of the current playing equipment; and the ciphertext generating submodule encrypts the certificate information by using the symmetric key to obtain a corresponding ciphertext.
In a preferred embodiment, the authentication completing module 1500 includes:
the check code acquisition submodule is used for receiving the notification message returned by the terminal equipment and extracting a check random code in the notification message; the verification submodule compares the verification random code with the verification random code cached by the current playing equipment, and if the comparison is consistent, the authentication is confirmed to be successful; and the storage submodule receives the service life information issued by the terminal equipment after the authentication is successful and stores the service life information in a storage medium of the current playing equipment, wherein the service life information comprises current date information, effective service life information of the current playing equipment and privilege service life information of a current online user related to the terminal equipment.
In a preferred embodiment, after the authentication completion module 1500 executes, the method includes:
the receiving module is used for receiving and storing the multimedia file transmitted by the terminal equipment, wherein the multimedia file is a non-encrypted file; the storage module is used for storing the multimedia file into a hidden partition of a storage medium of the current playing equipment; and the playing response module is used for responding to the playing instruction acting on the multimedia file, verifying the validity of the service life information, and playing the corresponding multimedia file when the validity is verified.
In a preferred embodiment, after the authentication completion module 1500 executes, the method includes:
the receiving module is used for receiving and storing the multimedia file transmitted by the terminal equipment, wherein the multimedia file is an encrypted file; the storage module is used for storing the multimedia file into a storage medium of the current playing equipment; and the playing response module is used for responding to the playing instruction acting on the multimedia file, verifying the validity of the service life information, and decrypting and playing the corresponding multimedia file when the validity is verified.
Further, a server device authentication apparatus of the present application may be constructed by functionalizing the steps in the methods disclosed in the above embodiments, and according to this idea, please refer to fig. 11, wherein in an exemplary embodiment, the apparatus includes: the authentication preparation module 2100 is configured to obtain authentication information and an initial timestamp submitted by a terminal device, where the authentication information includes a first public key generated by a playback device electrically connected to the terminal device and a ciphertext obtained by encrypting credential information with a symmetric key, where the credential information includes a device feature code, a check random code, and the initial timestamp of the playback device, and the symmetric key is generated by associating a first private key corresponding to the first public key and a second public key pre-allocated by a server; the ciphertext decryption module 2200 is configured to decrypt the ciphertext according to a second private key corresponding to the second public key and the first public key, which are held by the server, to obtain the credential information; the timestamp checking module 2300 is used for checking and confirming that the starting timestamp submitted by the terminal equipment is consistent with the starting timestamp in the decrypted certificate information; the device verification module 2400, which verifies the validity of the device feature code according to a preset authorized device library, and confirms that the corresponding playback device is a valid device; the notification forwarding module 2500 sends a notification message indicating successful authentication to the terminal device after all the tests are passed, so that the terminal device forwards the notification message to the playing device, wherein the notification message includes the check random code.
In a further embodiment, the ciphertext decryption module 2200 includes:
a shared key generation submodule for calculating a shared key associated with a second private key corresponding to the second public key held by the server and the first public key of the terminal device by using a key agreement algorithm pre-agreed with the playback device; the symmetric key submodule intercepts a preset word length from the shared key to serve as a symmetric key; and the decryption submodule decrypts the ciphertext by adopting the symmetric key to obtain corresponding credential information.
Further, a terminal device authentication apparatus of the present application may be constructed by functionalizing the steps in the methods disclosed in the above embodiments, and according to this idea, please refer to fig. 11, wherein in an exemplary embodiment, the apparatus includes: the authentication information interaction module 3100 transmits a start timestamp to the playback device electrically connected to the current terminal device to control the playback device to return authentication information, where the authentication information includes a first public key generated by the playback device and a ciphertext obtained by encrypting credential information with a symmetric key, the credential information includes a device feature code, a check random code, and the start timestamp of the playback device, and the symmetric key is generated by associating a first private key corresponding to the first public key and a second public key pre-allocated by a server; the server authentication module 3200 is used for superposing the authentication information on the starting timestamp and submitting the information to a server for authentication; the authentication completion module 3300, after the server passes the authentication according to the authentication information and the start timestamp, sends the notification message containing the check random code provided by the server to the playing device to control the playing device to store the lifetime information of the online user of the current terminal device, where the lifetime information is used to restrict the playing device from calling the validity period of the multimedia file stored therein.
In a further embodiment, the playing device verification module 3400 includes the following steps:
the access check submodule responds to the access event of the playing equipment and acquires a check random code relative to the playing equipment from a cache for the checking of the playing equipment; and the verification completion sub-module is used for transmitting the starting time stamp to the playing equipment when the playing equipment returns a notification message of successful verification.
In order to solve the above technical problem, an embodiment of the present application further provides a computer device, configured to run a computer program implemented according to each of the device authentication methods. Referring to fig. 12, fig. 12 is a block diagram of a basic structure of a computer device according to the present embodiment.
As shown in fig. 12, the internal structure of the computer device is schematically illustrated. The computer device includes a processor, a non-volatile storage medium, a memory, and a network interface connected by a system bus. The non-volatile storage medium of the computer device stores an operating system, a database and computer readable instructions, the database can store control information sequences, and the computer readable instructions can enable the processor to realize the device authentication method when being executed by the processor. The processor of the computer device is used for providing calculation and control capability and supporting the operation of the whole computer device. The memory of the computer device may have stored therein computer readable instructions that, when executed by the processor, may cause the processor to perform a method of device authentication. The network interface of the computer device is used for connecting and communicating with the terminal. Those skilled in the art will appreciate that the architecture shown in fig. 12 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
The processor in this embodiment is used to execute the specific functions of each module in each device authentication apparatus of the present invention, and the memory stores program codes and various data required for executing the modules. The network interface is used for data transmission to and from a user terminal or a server. The memory in this embodiment stores program codes and data required for executing all modules/sub-modules in the device authentication apparatus, and the server can call the program codes and data of the server to execute the functions of all sub-modules.
The present application also provides a non-volatile storage medium in which each of the device authentication methods is written as a computer program and stored in the form of computer-readable instructions; when the instructions are invoked by one or more processors, the program runs on the computer, causing the one or more processors to perform the steps of any of the device authentication methods described above.
The present application further provides a computer program product comprising a computer program/instructions which, when executed by a processor, performs the steps of the device authentication method described in any of the embodiments of the present application.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the computer program is executed. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
In summary, the playing device and the server are coordinated by the software encryption algorithm and the terminal device to perform corresponding authentication data encryption and decryption operations on the network, so that the authorization verification of the playing device is safely and reliably realized, and controllability and stability are achieved.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, the steps are not restricted to the exact order shown and may be performed in other orders. Moreover, at least some of the steps in the flowcharts may include multiple sub-steps or stages, which are not necessarily performed at the same moment but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
Those of skill in the art will appreciate that the various operations, methods, steps in the processes, acts, or solutions discussed in this application can be interchanged, modified, combined, or eliminated. Further, other steps, measures, or schemes in various operations, methods, or flows that have been discussed in this application can be alternated, altered, rearranged, broken down, combined, or deleted. Further, steps, measures, schemes in the prior art having various operations, methods, procedures disclosed in the present application may also be alternated, modified, rearranged, decomposed, combined, or deleted.
The foregoing describes only some embodiments of the present application. It should be noted that those skilled in the art can make several improvements and refinements without departing from the principle of the present application, and such improvements and refinements should also be regarded as falling within the protection scope of the present application.

Claims (13)

1. A playing device authentication method, characterized by comprising the following steps:
receiving a start timestamp transmitted by a terminal device electrically connected to the current playing device;
generating a corresponding first private key and first public key, and generating a symmetric key from the first private key and a pre-stored second public key, wherein the second private key corresponding to the second public key is held by the server;
encrypting credential information with the symmetric key to obtain a corresponding ciphertext, wherein the credential information comprises a device feature code of the current playing device, a check random code and the start timestamp;
assembling the ciphertext and the first public key into authentication information which, after the terminal device attaches the start timestamp to it, is submitted to the server holding the second private key for the corresponding authentication;
and confirming that the terminal device has returned the check random code indicating successful authentication, and storing service life information that limits the validity period during which the current playing device may invoke the multimedia files stored on it.
2. The playing device authentication method according to claim 1, wherein generating a corresponding first private key and first public key, and generating a symmetric key from the first private key and a pre-stored second public key, the second private key corresponding to the second public key being held by the server, comprises the following steps:
generating a temporary random number as the first private key, and computing the first public key corresponding to the first private key using an asymmetric encryption algorithm pre-agreed with the server;
computing a shared key associated with the second public key and the first private key using a key agreement algorithm pre-agreed with the server;
and extracting a portion of preset word length from the shared key to serve as the symmetric key.
3. The playing device authentication method according to claim 1, wherein encrypting the credential information with the symmetric key to obtain the corresponding ciphertext, the credential information comprising the device feature code of the current playing device, the check random code and the start timestamp, comprises the following steps:
generating a check random code;
constructing the credential information by concatenation in a pre-agreed order and with pre-agreed word lengths, so that the credential information comprises the device feature code of the current playing device, the check random code and the start timestamp;
and encrypting the credential information with the symmetric key to obtain the corresponding ciphertext.
4. The playing device authentication method according to claim 1, wherein confirming that the terminal device has returned the check random code indicating successful authentication, and storing the service life information that limits the validity period during which the current playing device may invoke the multimedia files stored on it, comprises the following steps:
receiving a notification message returned by the terminal equipment, and extracting a check random code in the notification message;
comparing the check random code with the check random code cached by the current playing equipment, and confirming that the authentication is successful when the comparison is consistent;
and receiving the service life information issued by the terminal equipment after the authentication is successful and storing the service life information in a storage medium of the current playing equipment, wherein the service life information comprises current date information, valid service life information of the current playing equipment and privilege service life information of a current online user related to the terminal equipment.
5. The playing device authentication method according to any one of claims 1 to 4, wherein, after the step of confirming that the terminal device has returned the check random code indicating successful authentication and storing the service life information that limits the validity period during which the current playing device may invoke the multimedia files stored on it, the method comprises the following steps:
receiving and storing a multimedia file transmitted by the terminal equipment, wherein the multimedia file is an unencrypted file;
storing the multimedia file into a hidden partition of a storage medium of the current playing equipment;
and responding to a playing instruction acting on the multimedia file, verifying the validity of the service life information, and playing the corresponding multimedia file when the validity is verified.
6. The playing device authentication method according to any one of claims 1 to 4, wherein, after the step of confirming that the terminal device has returned the check random code indicating successful authentication and storing the service life information that limits the validity period during which the current playing device may invoke the multimedia files stored on it, the method comprises the following steps:
receiving and storing a multimedia file transmitted by the terminal equipment, wherein the multimedia file is an encrypted file;
storing the multimedia file into a storage medium of the current playing equipment;
and responding to a playing instruction acting on the multimedia file, verifying the validity of the service life information, and decrypting and playing the corresponding multimedia file when the validity is verified.
7. A server device authentication method, characterized by comprising the following steps:
acquiring authentication information and a start timestamp submitted by a terminal device, wherein the authentication information comprises a first public key generated by a playing device electrically connected to the terminal device and a ciphertext obtained by encrypting credential information with a symmetric key, the credential information comprises a device feature code of the playing device, a check random code and the start timestamp, and the symmetric key is generated from the first private key corresponding to the first public key in association with a second public key pre-distributed by the server;
decrypting the ciphertext using the first public key and the second private key, held by the server, that corresponds to the second public key, to obtain the credential information;
verifying that the start timestamp submitted by the terminal device is consistent with the start timestamp in the decrypted credential information;
verifying the legality of the equipment feature code according to a preset authorized equipment library, and confirming that the corresponding playing equipment is legal equipment;
and after the verification passes, sending a notification message representing successful authentication to the terminal equipment so that the terminal equipment forwards the notification message to the playing equipment, wherein the notification message comprises the check random code.
8. The server device authentication method according to claim 7, wherein decrypting the ciphertext using the first public key and the second private key, held by the server, that corresponds to the second public key, to obtain the credential information, comprises:
computing, using a key agreement algorithm pre-agreed with the playing device, a shared key associated with the second private key, held by the server, that corresponds to the second public key, and with the first public key of the terminal device;
extracting a portion of preset word length from the shared key to serve as the symmetric key;
and decrypting the ciphertext by adopting the symmetric key to obtain corresponding credential information.
9. A terminal device authentication method, characterized by comprising the following steps:
transmitting a start timestamp to a playing device electrically connected to the current terminal device, to control the playing device to return authentication information, wherein the authentication information comprises a first public key generated by the playing device and a ciphertext obtained by encrypting credential information with a symmetric key, the credential information comprises a device feature code of the playing device, a check random code and the start timestamp, and the symmetric key is generated from the first private key corresponding to the first public key in association with a second public key pre-allocated by a server;
attaching the start timestamp to the authentication information and submitting both to the server for authentication;
and after the server has passed the authentication according to the authentication information and the start timestamp, sending to the playing device a notification message that is provided by the server and contains the check random code, so as to control the playing device to store the service life information of the online user of the current terminal device, wherein the service life information limits the validity period during which the playing device may invoke the multimedia files stored on it.
10. The playback device authorization method of claim 9, wherein transmitting the start timestamp to a playback device electrically connected to the local device comprises:
responding to the access event of the playing device, and acquiring a verification random code relative to the playing device from a cache for verification of the playing device;
and when the playing device returns a notification message of successful verification, transmitting a starting time stamp to the playing device.
11. A computer device comprising a central processor and a memory, characterized in that the central processor is adapted to invoke execution of a computer program stored in the memory to perform the steps of the method according to any one of claims 1 to 10.
12. A computer-readable storage medium, characterized in that it stores, in the form of computer-readable instructions, a computer program implemented according to the method of any one of claims 1 to 10, which, when invoked by a computer, performs the steps comprised by the corresponding method.
13. A computer program product comprising computer program/instructions, characterized in that the computer program/instructions, when executed by a processor, implement the steps of the method as claimed in any one of claims 1 to 10.
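The exchange set out in claims 1 to 4, 7 and 8, as an added Go example that is not code from the patent. X25519 for the key agreement, AES-128-GCM for the symmetric encryption, taking the first 16 bytes of the shared key, the 16-byte field lengths, the big-endian timestamp, all function names and the sample values in main are assumptions, since the claims only say these choices are pre-agreed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

const fieldLen = 16 // assumed pre-agreed length of the feature code and the check random code

// aead takes the first 16 bytes of the shared key (claims 2 and 8) as an AES-GCM key; both algorithms are assumed.
func aead(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(shared[:16]) // cannot fail for a 16-byte key
	return cipher.NewGCM(block)
}

// DeviceAuthInfo (claims 1 to 3) returns the first public key, the ciphertext and the cached check code.
func DeviceAuthInfo(serverPub *ecdh.PublicKey, feature string, startTS uint64) (*ecdh.PublicKey, []byte, []byte, error) {
	buf := make([]byte, fieldLen+12) // check random code, then the 12-byte GCM nonce
	_, rndErr := rand.Read(buf)
	priv, err := ecdh.X25519().GenerateKey(rand.Reader) // ephemeral first key pair
	if rndErr != nil || err != nil {
		return nil, nil, nil, fmt.Errorf("random source failed")
	}
	gcm, err := aead(priv, serverPub)
	if err != nil {
		return nil, nil, nil, err
	}
	check, iv := buf[:fieldLen:fieldLen], buf[fieldLen:]
	cred := binary.BigEndian.AppendUint64(append([]byte(feature), check...), startTS)
	return priv.PublicKey(), gcm.Seal(iv, iv, cred, nil), check, nil
}

// ServerVerify (claims 7 and 8) returns the check random code to send back through the terminal.
func ServerVerify(priv *ecdh.PrivateKey, firstPub *ecdh.PublicKey, ct []byte, relayedTS uint64, authorized map[string]bool) ([]byte, error) {
	gcm, err := aead(priv, firstPub)
	if err != nil || len(ct) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad authentication information")
	}
	cred, err := gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
	switch {
	case err != nil || len(cred) != 2*fieldLen+8:
		return nil, fmt.Errorf("credential rejected")
	case binary.BigEndian.Uint64(cred[2*fieldLen:]) != relayedTS:
		return nil, fmt.Errorf("start timestamp mismatch")
	case !authorized[string(cred[:fieldLen])]:
		return nil, fmt.Errorf("device feature code not authorized")
	}
	return cred[fieldLen : 2*fieldLen], nil
}

func main() {
	sk, _ := ecdh.X25519().GenerateKey(rand.Reader) // server's second key pair
	pub, ct, check, _ := DeviceAuthInfo(sk.PublicKey(), "PLAYER-000000001", 1636502400) // constructed values
	got, err := ServerVerify(sk, pub, ct, 1636502400, map[string]bool{"PLAYER-000000001": true})
	fmt.Println(err, subtle.ConstantTimeCompare(check, got) == 1) // claim 4 comparison
}
```

Because GCM authenticates the ciphertext, a modified or wrongly keyed ciphertext fails at decryption before the timestamp and feature code are examined. The claims name no cipher mode, so that integrity check is a property of the mode chosen for this example.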
CN202111327298.3A 2021-11-10 2021-11-10 Equipment authentication method and device, equipment, medium and product thereof Pending CN114048438A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111327298.3A CN114048438A (en) 2021-11-10 2021-11-10 Equipment authentication method and device, equipment, medium and product thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111327298.3A CN114048438A (en) 2021-11-10 2021-11-10 Equipment authentication method and device, equipment, medium and product thereof

Publications (1)

Publication Number Publication Date
CN114048438A true CN114048438A (en) 2022-02-15

Family

ID=80208459

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111327298.3A Pending CN114048438A (en) 2021-11-10 2021-11-10 Equipment authentication method and device, equipment, medium and product thereof

Country Status (1)

Country Link
CN (1) CN114048438A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114884714A (en) * 2022-04-26 2022-08-09 北京百度网讯科技有限公司 Task processing method, device, equipment and storage medium
CN115051871A (en) * 2022-06-30 2022-09-13 无锡睿勤科技有限公司 Authentication method and device, and storage medium
CN115580399A (en) * 2022-09-27 2023-01-06 深圳市天视通技术有限公司 Network communication connection method, device, network communication system and storage medium
CN116028969A (en) * 2022-12-15 2023-04-28 江苏金信天信息技术股份有限公司 Privacy calculation method based on data encryption technology

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114884714A (en) * 2022-04-26 2022-08-09 北京百度网讯科技有限公司 Task processing method, device, equipment and storage medium
CN114884714B (en) * 2022-04-26 2024-03-26 北京百度网讯科技有限公司 Task processing method, device, equipment and storage medium
CN115051871A (en) * 2022-06-30 2022-09-13 无锡睿勤科技有限公司 Authentication method and device, and storage medium
CN115580399A (en) * 2022-09-27 2023-01-06 深圳市天视通技术有限公司 Network communication connection method, device, network communication system and storage medium
CN116028969A (en) * 2022-12-15 2023-04-28 江苏金信天信息技术股份有限公司 Privacy calculation method based on data encryption technology
CN116028969B (en) * 2022-12-15 2024-05-03 江苏金信天信息技术有限公司 Privacy calculation method based on data encryption technology

Similar Documents

Publication Publication Date Title
US9722977B2 (en) Secure host authentication using symmetric key crytography
CN114048438A (en) Equipment authentication method and device, equipment, medium and product thereof
JP4366037B2 (en) System and method for controlling and exercising access rights to encrypted media
JP4668619B2 (en) Device key
US5995624A (en) Bilateral authentication and information encryption token system and method
US7639819B2 (en) Method and apparatus for using an external security device to secure data in a database
TWI288552B (en) Method for implementing new password and computer readable medium for performing the method
US20100257370A1 (en) Apparatus And Method for Supporting Content Exchange Between Different DRM Domains
US8495383B2 (en) Method for the secure storing of program state data in an electronic device
KR20060003319A (en) Device authentication system
JPH1185890A (en) Financial institution server, security system for client web browser, and method therefor
US20090199303A1 (en) Ce device management server, method of issuing drm key by using ce device management server, and computer readable recording medium
US7076062B1 (en) Methods and arrangements for using a signature generating device for encryption-based authentication
CN113472793A (en) Personal data protection system based on hardware password equipment
US11831752B2 (en) Initializing a data storage device with a manager device
JP2002297385A (en) Authenticating method in agent system
CN114244508B (en) Data encryption method, device, equipment and storage medium
JPH1198134A (en) Method for detecting fraudulent alteration and copy of cookie, and program storage medium
WO2018030289A1 (en) Ssl communication system, client, server, ssl communication method, and computer program
CN110996319A (en) System and method for performing activation authorization management on software service
KR20220079648A (en) Method and apparatus, computer device, and storage medium for authenticating a biometric payment device
CA2891610C (en) Agent for providing security cloud service and security token device for security cloud service
JP2003152708A (en) Document transmission method and system
CN112507296A (en) User login verification method and system based on block chain
JP2006522507A (en) Secure communication system and secure communication method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination