TWI657350B - APP certification system and method - Google Patents

Info

Publication number
TWI657350B
Authority
TW
Taiwan
Prior art keywords
authentication
app
verification
authenticated
computer
Application number
TW105135512A
Other languages
Chinese (zh)
Other versions
TW201717084A (en)
Inventor
肖德銀
梁潔
Original Assignee
大陸商國民技術股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Abstract

The present invention discloses an APP authentication system comprising an authenticated end, an authentication end, and an auxiliary authentication end. The authenticated end sends its software identity ID, the authentication-end attribute value, and the host-device attribute value to the auxiliary authentication end, and forwards the check key generated by the auxiliary authentication end to the authentication end. The auxiliary authentication end checks the software identity ID received from the authenticated end against the software identity ID it has stored; if the check passes, it generates an auxiliary authentication check key from the authentication-end attribute value and the host-device attribute value received from the authenticated end and sends it to the authenticated end. The authentication end verifies the check key against the authentication-end attribute value and the host-device attribute value that it obtains itself. The technical solution of the present invention enables an external device to authenticate an APP securely and thereby improves the security of the external device's data; it is easy to implement and easy to deploy widely, and it also improves the stability of the business process.

Description

APP authentication system and method

The present invention relates to a system and method for APP authentication, and in particular to a system and method by which an external device verifies an APP.

Adding an external device to a complete terminal system is currently the main way of extending the terminal system's functions. So that the external device can work with the terminal system, a matching APP (Application, a computer application program) is usually installed in the terminal system to assist. At present, however, the external device cannot verify the authenticity and legitimacy of the APP while communicating with it, which creates a risk of data leaking from the external device. In addition, because the external device cannot authenticate the legitimacy of the APP side, an illegitimate APP or device may intercept the external device's data, which causes security problems.

The object of the present invention is to provide a method for authenticating the legitimacy and authenticity of an APP, so as to solve the security problem of mutual authentication between an external device and an APP.

According to one aspect of the present invention, an APP authentication method is provided, comprising: the authenticated end sends its software identity ID, the authentication-end attribute value, and the host-device attribute value to the auxiliary authentication end; the auxiliary authentication end receives the software identity ID, the authentication-end attribute value, and the host-device attribute value; the auxiliary authentication end checks the software identity ID received from the authenticated end against the software identity ID stored in the auxiliary authentication end; if the check passes, the auxiliary authentication end generates an auxiliary authentication check key from the authentication-end attribute value and the host-device attribute value received from the authenticated end and sends it to the authenticated end; the authenticated end sends the auxiliary authentication check key generated by the auxiliary authentication end to the authentication end; the authentication end verifies the auxiliary authentication check key against the authentication-end attribute value and the host-device attribute value that it obtains itself; and if the verification passes, the authentication end completes the authenticity authentication of the authenticated end.

The technical solution of the present invention enables an external device to authenticate an APP securely and thereby improves the security of the external device's data; it is easy to implement and easy to deploy widely. In addition, the technical solution of the present invention can improve the stability of the business process.

FIG. 1 is a schematic diagram of the APP authentication system according to the present invention.

FIG. 2 is a flowchart of the APP authentication method according to the present invention.

FIG. 3 is a flowchart of the APP authentication method according to the first embodiment of the present invention.

FIG. 4 is a flowchart of the APP authentication method according to the second embodiment of the present invention.

The present invention proposes a system and method for authenticating the legitimacy and authenticity of an APP, so as to solve the security problem of mutual authentication between an external device and an APP. The external device referred to here may be a card, a USB interface device, or the like that can be separated from or integrated with the host device.

The APP authentication system and authentication flow of the present invention are described below with reference to FIG. 1 and FIG. 2. FIG. 1 is a schematic diagram of the APP authentication system according to the present invention. FIG. 2 is a flowchart of the APP authentication method according to the present invention.

As shown in FIG. 1 and FIG. 2, the system for authenticating an APP includes at least one external device end acting as the authentication end, one APP end acting as the authenticated end, and one back end acting as the auxiliary authentication end. The back end is usually the server corresponding to the APP.

The authentication end has at least one channel (channel 1) over which it can communicate with the authenticated end. The authentication end can obtain its own unique attribute value and, through interaction with the host device, obtain the host device's unique attribute value. The host device here means the device of the system that hosts the APP, which may be a mobile phone terminal, a computer terminal, or the like.

The authenticated end has at least one channel (channel 2) over which it can communicate with the auxiliary authentication end. It is attached to the host device and can obtain the authentication end's unique attribute value and the host device's attribute value through an API (Application Program Interface).

In addition, the authentication end and the auxiliary authentication end do not need a communication channel between them, but both hold the same check algorithm and can generate the same check result.

The authenticated end can obtain a unique software identity ID; the uniqueness of this ID value distinguishes the APP from other APPs. When the APP is released, the software identity ID is updated and stored in the auxiliary authentication end.

In the authentication process, the authenticated end first sends check request information to the auxiliary authentication end over channel 2 between them. The request information contains, in encrypted form, the authenticated end's own software identity ID, the authentication-end attribute value, and the host-device attribute value. After receiving the check request, the auxiliary authentication end obtains and decrypts the authenticated end's software identity ID, the authentication-end attribute value, and the host-device attribute value. It should be noted that the encryption and decryption may use any encryption and decryption method known to a person of ordinary skill in the art, and are not described further here.

The auxiliary authentication end then checks the decrypted software identity ID against the software identity ID it has stored. If the check fails, it returns error information to the authenticated end. If the check passes, it uses the check algorithm to generate an auxiliary authentication check key from the received authentication-end attribute value and host-device attribute value, and returns the generated auxiliary authentication check key to the authenticated end. The check key serves as the authentication key in identity authentication; it is a security code used for legitimacy authentication.

After the authenticated end receives the correct check result and the auxiliary authentication check key from the auxiliary authentication end, it sends an authentication request containing the check data (that is, the auxiliary authentication check key) to the authentication end over the channel between them.

After the authentication end receives the authentication request, it uses the check algorithm to compute a check key from its own attribute value and the host-device attribute value, both obtained through its own driver, and checks the received auxiliary authentication check key against the computed check key. If the two match, the authentication end completes the authenticity authentication of the end to be authenticated and proceeds with subsequent business processing. If they do not match, it returns an authentication failure result and refuses further communication with the end to be authenticated.

This completes the verification of authenticity and legitimacy between the authentication end and the authenticated end by way of the auxiliary authentication end.

Two embodiments of the present invention are described below with reference to FIG. 3 and FIG. 4, taking a SIM card and a Ukey respectively as the authentication end.

First embodiment

In this embodiment, a Bluetooth SIM (Subscriber Identity Module) card is the authentication end, a mobile APP is the authenticated end, and a server is the auxiliary authentication end. The Bluetooth SIM card and the mobile APP are connected over a BLE (Bluetooth Low Energy) channel, and the mobile APP and the auxiliary authentication end (the server) are connected over an Internet channel.

The Bluetooth SIM card can obtain its own IMSI (International Mobile Subscriber Identification Number) and the handset's IMEI (International Mobile Equipment Identity), and holds the same check algorithm as the server.

The mobile APP can obtain the IMSI and the IMEI through an API, and can obtain the APP's own software identity ID.

The server stores the same software identity ID as the mobile APP, and holds the same check algorithm as the Bluetooth SIM card.

FIG. 3 shows the authentication process among the authentication end, the authenticated end, and the auxiliary authentication end.

As shown in FIG. 3, before the mobile APP and the Bluetooth SIM card carry out communication authentication, the mobile APP first connects to the server over the Internet, encapsulates (for example, encrypts) the mobile APP's software identity ID, the IMSI, and the IMEI, and sends them to the server as the check request data.

The server then parses (for example, decrypts) the check request data and checks the APP's software identity ID received from the APP against the software identity ID stored in the server. If the check fails, it returns check error information to the mobile APP. If the check succeeds, it uses the check algorithm to generate a check key value from the IMSI and the IMEI in the check request data and returns the generated check key value to the mobile APP.

Next, after receiving the correct check result and the check key from the server, the mobile APP sends the check key to the Bluetooth SIM card as the authentication request data.

Finally, the Bluetooth SIM card uses the IMSI and the IMEI that it obtained itself as the factors of the check data, computes a check key with the check algorithm, and compares it with the check key in the authentication request data sent by the mobile APP. If they match, the Bluetooth SIM card's authenticity authentication of the mobile APP is complete; otherwise the request is treated as an illegitimate authentication request.
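The three-party exchange of the first embodiment, as an added example that is not part of the patent text. The patent does not specify the check algorithm: HMAC-SHA256 under a secret provisioned on both the SIM card and the server is an assumption, as are all class and function names and the sample IMSI, IMEI and ID values; encryption of the request is left to the transport.

```python
import hashlib
import hmac
import json

# Assumption: the patent only requires that the SIM card and the server hold
# "the same check algorithm". HMAC-SHA256 under a secret provisioned on both
# is one way to meet that; the secret below is a constructed demo value.
PROVISIONED_SECRET = b"constructed-demo-secret"


def check_key(secret: bytes, auth_attr: str, host_attr: str) -> str:
    """Derive the check key from (authentication-end attribute, host attribute)."""
    msg = b""
    for field in (auth_attr, host_attr):
        raw = field.encode()
        # Length-prefix each field so ("12", "3") and ("1", "23") differ.
        msg += len(raw).to_bytes(2, "big") + raw
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def same(a: str, b: str) -> bool:
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


class Server:
    """Auxiliary authentication end: stores the IDs of released APPs."""

    def __init__(self, secret, released_ids):
        self._secret = secret
        self._released_ids = list(released_ids)

    def handle_check_request(self, request: bytes) -> dict:
        # json.loads stands in for "parse (for example, decrypt)".
        data = json.loads(request)
        if not any(same(data["software_id"], k) for k in self._released_ids):
            return {"ok": False, "error": "software identity ID check failed"}
        key = check_key(self._secret, data["imsi"], data["imei"])
        return {"ok": True, "check_key": key}


class BluetoothSim:
    """Authentication end: reads its own IMSI and the handset IMEI itself."""

    def __init__(self, secret, imsi, handset_imei):
        self._secret = secret
        self._imsi = imsi
        self._handset_imei = handset_imei

    def authenticate(self, presented_key: str) -> bool:
        # Recompute from locally obtained values only; nothing the APP
        # reported to the server is taken on trust here.
        expected = check_key(self._secret, self._imsi, self._handset_imei)
        return same(expected, presented_key)


class MobileApp:
    """Authenticated end: talks to the server (Internet) and the SIM (BLE)."""

    def __init__(self, software_id, imsi, imei):
        self.software_id = software_id
        self.imsi = imsi   # as read through the platform API
        self.imei = imei

    def authenticate_to(self, server: Server, sim: BluetoothSim) -> str:
        request = json.dumps({"software_id": self.software_id,
                              "imsi": self.imsi, "imei": self.imei}).encode()
        reply = server.handle_check_request(request)
        if not reply["ok"]:
            return "rejected by server"
        if sim.authenticate(reply["check_key"]):
            return "authenticated"
        return "rejected by SIM"


def run_scenarios() -> dict:
    imsi, imei = "001010123456789", "490154203237518"  # constructed samples
    server = Server(PROVISIONED_SECRET, ["app-id-0001"])
    sim = BluetoothSim(PROVISIONED_SECRET, imsi, imei)
    other_imei = "490154203237526"  # constructed: a different handset
    return {
        "released app": MobileApp("app-id-0001", imsi, imei)
        .authenticate_to(server, sim),
        "unknown software ID": MobileApp("app-id-9999", imsi, imei)
        .authenticate_to(server, sim),
        # A key issued for another handset does not match what the SIM reads.
        "key for another handset": MobileApp("app-id-0001", imsi, other_imei)
        .authenticate_to(server, sim),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

Because the check key is derived only from the two attribute values, the same (IMSI, IMEI) pair yields the same key on every run.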

Second embodiment

In this embodiment, a Ukey is the authentication end, a computer APP is the authenticated end, and a server is the auxiliary authentication end. The Ukey and the computer APP are connected over a USB (Universal Serial Bus) channel, and the computer APP and the server are connected over an Internet channel. A UKey is a small storage device that connects directly to a computer via USB, has a password verification function, and is reliable and high-speed.

The Ukey can obtain its own ID and the computer's MAC (Media Access Control) value, and holds the same check algorithm as the server.

The computer APP can obtain the Ukey's ID and the computer device's MAC value through an API, and can obtain the APP's software identity ID.

The server stores the same software identity ID as the computer APP, and holds the same check algorithm as the Ukey.

FIG. 4 shows the authentication process among the authentication end, the authenticated end, and the auxiliary authentication end.

As shown in FIG. 4, before the computer APP and the Ukey carry out communication authentication, the computer APP first connects to the server over the Internet, encapsulates the computer APP's software identity ID, the Ukey's ID, and the computer's MAC value, and sends them to the server as the check request data.

The server then parses the check request data and checks the APP's software identity ID sent by the computer APP against the APP's software identity ID stored in the server. If the check fails, it returns check error information to the mobile APP. If the check succeeds, it uses the check algorithm to generate a check key value from the ID and the MAC in the check request data and returns the generated check key value to the computer APP.

Next, after receiving the correct check result and the check key from the server, the computer APP sends the check key to the Ukey as the authentication request data.

Finally, the Ukey uses the ID that it obtained itself and the computer's MAC value as the factors of the check data, computes a check key with the check algorithm, and compares it with the check key in the authentication request data sent by the computer APP. If they match, the Ukey's authenticity authentication of the computer APP is complete; otherwise the request is treated as an illegitimate authentication request.

As described above, in the technical solution of the present invention the authentication end verifies the legitimacy of the authenticated end through the auxiliary authentication end, and the authenticity check key is then generated from the parameters of the legitimate authenticated end, so that the check key is used to request the authentication end to verify the authenticity of the APP. The authentication end and the auxiliary authentication end are dynamically independent of each other, which safeguards the security of each, and authenticity is verified only once the legitimacy of the authenticated end has been established. This prevents an illegitimate authenticated end from stealing the check key and then masquerading its way through the authenticity check, and further strengthens the reliable authentication of the authenticated end's authenticity.

Two specific implementations have been described above in the first and second embodiments, but the present invention is not limited to them and can be extended in many ways. For example, besides the Bluetooth SIM and the Ukey described above, the authentication end may also be an SD card, a Bluetooth smart card, a smart cipher key, and so on; such variations all fall within the scope of the present invention.

It should be noted that the embodiments described above with reference to the drawings serve only to illustrate the present invention and do not limit its scope. A person of ordinary skill in the art should understand that modifications or equivalent substitutions made to the present invention without departing from its spirit and scope all fall within the scope of the present invention. In addition, unless the context indicates otherwise, words in the singular include the plural and vice versa. Furthermore, unless specifically stated otherwise, all or part of any embodiment may be used in combination with all or part of any other embodiment.

Claims (7)

一種APP認證系統,包括:被認證端、認證端和輔助認證端;其中,該被認證端用於發送該被認證端的唯一軟體身份證ID、認證端唯一屬性值和主設備唯一屬性值至該輔助認證端;以及將該輔助認證端生成的輔助認證校驗key發送給該認證端;該主設備是指APP宿主系統設備,為手機終端或電腦終端;該認證端為與主設備可分離、可集成的卡或USB介面設備;該輔助認證端用於利用該輔助認證端中保存的該軟體身份證ID對從該被認證端接收的該唯一軟體身份證ID進行校驗,如果校驗通過,則根據從該被認證端接收的該認證端唯一屬性值和該主設備唯一屬性值生成該輔助認證校驗key並將其發送給該被認證端;該認證端用於根據自己獲取到的該認證端唯一屬性值和該主設備唯一屬性值對該輔助認證校驗key進行校驗。 An APP authentication system includes: an authenticated end, an authentication end, and a secondary authentication end; wherein the authenticated end is configured to send the unique software ID number, the authentication end unique attribute value, and the main device unique attribute value of the authenticated end to the The auxiliary authentication end; and the auxiliary authentication check key generated by the auxiliary authentication end is sent to the authentication end; the main device refers to the APP host system device, which is a mobile phone terminal or a computer terminal; the authentication end is separable from the main device, An integrated card or USB interface device; the auxiliary authentication end is configured to verify, by using the software ID card saved in the auxiliary authentication end, the unique software ID ID received from the authenticated end, if the verification is passed And generating the auxiliary authentication check key according to the authentication end unique attribute value and the primary device unique attribute value received from the authenticated end, and sending the auxiliary authentication check key to the authenticated end; the authentication end is used to obtain according to the self-acquired The authentication end unique attribute value and the primary device unique attribute value verify the secondary authentication check key. 
如請求項1所記載的APP認證系統,其中,該APP認證系統包括:外部設備端作為該認證端,APP端作為該被認證端,後臺端作為該輔助認證端,該後臺端為與該APP端相對應的服務器; 該認證端為藍牙SIM、Ukey、SD卡、藍牙智慧卡和智慧密碼鑰匙。 The APP authentication system as claimed in claim 1, wherein the APP authentication system includes: an external device end as the authentication end, an APP end as the authenticated end, and a background end as the auxiliary authentication end, and the background end is the same as the APP The server corresponding to the end; The authentication terminal is a Bluetooth SIM, a Ukey, an SD card, a Bluetooth smart card, and a smart cipher key. 如請求項1或2所記載的APP認證系統,其中該認證端為藍牙SIM卡,該被認證端為手機APP,該輔助認證端為伺服器;該藍牙SIM卡端可獲取自身IMSI和手機IMEI資料,並擁有與該伺服器端一致的校驗算法;該手機APP可通過API獲取IMSI和IMEI,並獲取該手機APP自身的該唯一軟體身份證ID;該伺服器端儲存有與該手機APP相同的該軟體身份證ID,並擁有與該藍牙SIM卡端一致的校驗算法;該藍牙SIM卡與該手機APP通過藍牙低能耗通道連接,以及該手機APP與該輔助認證端通過網際網路通道連接。 The APP authentication system as claimed in claim 1 or 2, wherein the authentication end is a Bluetooth SIM card, the authenticated end is a mobile phone APP, and the auxiliary authentication end is a server; the Bluetooth SIM card end can acquire its own IMSI and the mobile phone IMEI. Data, and has a verification algorithm consistent with the server; the mobile APP can obtain the IMSI and IMEI through the API, and obtain the unique software ID of the mobile APP itself; the server stores the APP with the mobile phone The same software ID card, and has a verification algorithm consistent with the Bluetooth SIM card end; the Bluetooth SIM card is connected to the mobile APP via a Bluetooth low energy channel, and the mobile APP and the auxiliary authentication terminal are connected to the Internet. Channel connection. 
如請求項1或2所記載的APP認證系統,其中該認證端為Ukey,該被認證端為電腦APP,該輔助認證端為伺服器;其中,該Ukey可獲取自身ID和電腦設備MAC值,並擁有與該伺服器一致的校驗算法;該電腦APP可通過API介面獲取該Ukey的該ID和該電腦設備MAC值,並且可以獲取該電腦APP的該唯一軟體身份證ID; 該伺服器儲存有與該電腦APP相同的該軟體身份證ID,並擁有與該Ukey一致的校驗算法;該Ukey與該電腦APP通過USB通道連接,以及該電腦APP與該伺服器通過網際網路通道連接,其中,該UKey是一種通過USB介面直接與該電腦終端相連、具有密碼驗證功能、可靠高速的小型儲存設備。 The APP authentication system as claimed in claim 1 or 2, wherein the authentication end is Ukey, the authenticated end is a computer APP, and the auxiliary authentication end is a server; wherein the Ukey can obtain the self ID and the MAC value of the computer device. And having a verification algorithm consistent with the server; the computer APP can obtain the ID of the Ukey and the MAC value of the computer device through an API interface, and can obtain the unique software ID of the computer APP; The server stores the same software ID ID as the computer APP, and has a verification algorithm consistent with the Ukey; the Ukey is connected to the computer APP via a USB channel, and the computer APP and the server are connected through the Internet. The roadway is connected, wherein the UKey is a small-sized storage device that is directly connected to the computer terminal through a USB interface, has a password verification function, and is reliable and high-speed. 一種用於APP認證的方法,該方法使用如請求項1或2所記載的APP認證系統,包括以下步驟:被認證端將唯一軟體身份證ID、認證端唯一屬性值和主設備唯一屬性值發送給輔助認證端;該主設備是指APP宿主系統設備;該輔助認證端利用該輔助認證端中保存的該軟體身份證ID對從該被認證端接收的該唯一軟體身份證ID進行校驗;如果校驗通過,則該輔助認證端根據從該被認證端接收的該認證端唯一屬性值和該主設備唯一屬性值生成該輔助認證校驗key並將其發送給該被認證端;該被認證端將該輔助認證端生成的該輔助認證校驗key發送給該認證端;該認證端根據自己獲取到的該認證端唯一屬性值和該主設備唯一屬性值對該輔助認證校驗key進行校驗。 A method for APP authentication, which uses the APP authentication system as recited in claim 1 or 2, and includes the following steps: the authenticated end sends the unique software ID number, the authentication end unique attribute value, and the main device unique attribute value. 
The auxiliary authentication end; the main device refers to the APP host system device; the auxiliary authentication end uses the software ID ID saved in the auxiliary authentication end to verify the unique software ID card received from the authenticated end; If the verification succeeds, the secondary authentication end generates the secondary authentication verification key according to the authentication end unique attribute value and the primary device unique attribute value received from the authenticated end, and sends the secondary authentication verification key to the authenticated end; The authentication end sends the auxiliary authentication check key generated by the auxiliary authentication end to the authentication end; the authentication end performs the auxiliary authentication check key according to the unique attribute value of the authentication end acquired by the authentication end and the unique attribute value of the primary device. check. 一種用於APP認證的方法,該方法使用如請求項3所記載的APP認證系統,包括以下步驟:在手機APP與藍牙SIM卡通訊認證之前,首先該手機APP通過網際網路與伺服器連接,並將該手機APP的該唯一軟體身份證ID、該藍牙SIM卡的IMSI和該手機IMEI封裝後作為請求校驗資料發送給該伺服器;然後,該伺服器將該請求校驗資料解析後,根據該伺服器中保存的該軟體身份證ID對從該手機APP接收到的該手機APP的該唯一軟體身份證ID進行校驗,若校驗錯誤,則向該手機APP返回校驗錯誤的資訊,若校驗正確,則利用校驗算法由該請求校驗資料中的該藍牙SIM卡的IMSI和該手機IMEI生成校驗key值並將生成的該校驗key值返回給該手機APP;接著,該手機APP在收到該伺服器發送的正確校驗結果和該校驗key值之後,將該校驗key值作為被認證請求資料發送給該藍牙SIM卡;最後,該藍牙SIM卡將自身獲取到的IMSI和IMEI作為校驗資料的因子通過校驗算法計算出校驗key,並與手機APP發送的該被認證請求資料中的該校驗key值進行比對校驗,若正確則完成該藍牙SIM卡對該手機APP的真實性認證,否則認定為非法請求認證。 A method for APP authentication, which uses the APP authentication system as described in claim 3, and includes the following steps: before the mobile phone APP and the Bluetooth SIM card are authenticated, the mobile APP is first connected to the server through the Internet. 
And the unique software ID ID of the mobile phone APP, the IMSI of the Bluetooth SIM card, and the IMEI of the mobile phone are encapsulated and sent as the request verification data to the server; and then the server parses the request verification data. And verifying the unique software ID of the mobile phone APP received from the mobile phone APP according to the software ID ID stored in the server, and if the verification is incorrect, returning the verification error information to the mobile APP If the verification is correct, the verification algorithm is used to generate a verification key value from the IMSI of the Bluetooth SIM card in the request verification data and the mobile phone IMEI, and return the generated verification key value to the mobile phone APP; After receiving the correct verification result sent by the server and the verification key value, the mobile phone APP sends the verification key value as the authentication request data to the Bluetooth SIM card; finally, the Bluetooth SIM card will be The acquired IMSI and the IMEI are used as the check data to calculate the check key by the check algorithm, and are compared with the check key value in the authenticated request data sent by the mobile APP, and if yes, the check is completed. The Bluetooth SIM card authenticates the authenticity of the mobile phone APP, otherwise it is deemed to be an illegal request for authentication. 
A method for APP authentication, using the APP authentication system as recited in claim 4, comprising the following steps: before the computer APP and the Ukey perform communication authentication, the computer APP first connects to the server through the Internet, encapsulates the unique software ID card ID of the computer APP, the ID of the Ukey, and the MAC value of the computer device, and sends them to the server as request verification data; then the server parses the request verification data and verifies the unique software ID card ID sent by the computer APP against the software ID card ID of the APP end stored in the server; if the verification fails, it returns verification error information to the mobile phone APP; if the verification is correct, it uses the verification algorithm to generate a verification key value from the Ukey ID and the computer device MAC value in the request verification data, and returns the generated verification key value to the computer APP; next, after receiving the correct verification result and the verification key value sent by the server, the computer APP sends the verification key value to the Ukey as authenticated request data; finally, the Ukey uses the ID and the computer device MAC value it has itself acquired as the factors of the verification data to calculate a verification key through the verification algorithm, and compares it with the verification key value in the authenticated request data sent by the computer APP; if they match, the Ukey's authentication of the authenticity of the computer APP is complete; otherwise the request is deemed an illegal authentication request.
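The exchange recited in the two method claims above (mobile phone APP with Bluetooth SIM card, computer APP with Ukey), as an added example that is not part of the patent text. The claims do not name the verification algorithm, so HMAC-SHA256 under a secret provisioned in both server and token is an assumption here, as are all class names, function names and sample values.

```python
import hashlib
import hmac

# Assumption: the claims leave the verification algorithm unspecified. HMAC-SHA256
# under a secret provisioned in both the server and the token stands in for it.
SHARED_SECRET = b"constructed-demo-secret"

def verification_key(token_attr: str, host_attr: str) -> bytes:
    """Derive the verification key from the token attribute and the host attribute."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode()
                   for f in (token_attr, host_attr))
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).digest()

class Server:
    """Auxiliary authentication end: holds the registered software ID card IDs."""
    def __init__(self, registered_ids):
        self.registered_ids = set(registered_ids)

    def handle(self, request: dict) -> dict:
        if request["software_id"] not in self.registered_ids:
            return {"ok": False, "error": "software ID check failed"}
        key = verification_key(request["token_attr"], request["host_attr"])
        return {"ok": True, "verification_key": key}

class Token:
    """Authentication end: the Bluetooth SIM card or the Ukey."""
    def __init__(self, own_attr: str, observed_host_attr: str):
        self.own_attr = own_attr                      # IMSI or Ukey ID
        self.observed_host_attr = observed_host_attr  # IMEI or MAC, as the token obtains it

    def authenticate(self, presented_key: bytes) -> bool:
        expected = verification_key(self.own_attr, self.observed_host_attr)
        return hmac.compare_digest(expected, presented_key)  # constant-time comparison

def run_app(software_id, token_attr, host_attr, server, token) -> str:
    """Authenticated end: request a key from the server, then present it to the token."""
    reply = server.handle({"software_id": software_id,
                           "token_attr": token_attr, "host_attr": host_attr})
    if not reply["ok"]:
        return "rejected by server"
    return "authenticated" if token.authenticate(reply["verification_key"]) else "illegal request"

# Constructed sample values, not real identifiers.
SERVER = Server({"APP-ID-0001"})
SIM = Token(own_attr="001010123456789", observed_host_attr="490154203237518")
UKEY = Token(own_attr="UKEY-42", observed_host_attr="00:11:22:33:44:55")
```

The token recomputes the key from the attributes it obtains itself, so a key issued for a different SIM, Ukey or host device fails the comparison even when the software ID card ID is registered.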
TW105135512A 2015-11-03 2016-11-02 APP certification system and method TWI657350B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510735719 2015-11-03
201510735719.4 2015-11-03

Publications (2)

Publication Number Publication Date
TW201717084A (en) 2017-05-16
TWI657350B (en) 2019-04-21

Family

ID=58661696

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105135512A TWI657350B (en) 2015-11-03 2016-11-02 APP certification system and method

Country Status (3)

Country Link
CN (1) CN107113316A (en)
TW (1) TWI657350B (en)
WO (1) WO2017076257A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109150849A (en) * 2018-07-27 2019-01-04 国政通科技有限公司 A kind of identity identifying method and system
CN113068164B (en) * 2021-02-09 2022-10-28 国网上海能源互联网研究院有限公司 Power distribution terminal local safety operation and maintenance method and system based on Bluetooth communication
CN113690860A (en) * 2021-08-09 2021-11-23 国网江苏省电力有限公司 Fixed value checking method for server

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200513839A (en) * 2003-04-08 2005-04-16 Qualcomm Inc Associating software with hardware using cryptography
CN102546532A (en) * 2010-12-07 2012-07-04 中国移动通信集团公司 Capacity calling method, capacity calling request device, capacity calling platform and capacity calling system
CN103401884A (en) * 2013-08-16 2013-11-20 深信服网络科技(深圳)有限公司 Authentication method and system for public wireless environment Internet access based on micro message
CN103686724A (en) * 2012-09-25 2014-03-26 金蝶软件(中国)有限公司 A mobile application access authentication and authorization method and system
CN104601593A (en) * 2015-02-04 2015-05-06 公安部第三研究所 Anti-tracking method in network electronic identity authentication process based on challenge modes

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101986597A (en) * 2010-10-20 2011-03-16 杭州晟元芯片技术有限公司 Identity authentication system with biological characteristic recognition function and authentication method thereof
US9430640B2 (en) * 2012-09-28 2016-08-30 Intel Corporation Cloud-assisted method and service for application security verification
CN103200008A (en) * 2013-02-28 2013-07-10 山东超越数控电子有限公司 Linux identity authentication system and Linux identity authentication method
CN104992329B (en) * 2015-05-14 2018-05-11 飞天诚信科技股份有限公司 A kind of method for safely issuing transaction message

Also Published As

Publication number Publication date
TW201717084A (en) 2017-05-16
WO2017076257A1 (en) 2017-05-11
CN107113316A (en) 2017-08-29

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees